diff --git a/.github/workflows/portage-stable-packages-list b/.github/workflows/portage-stable-packages-list index 23092138ac6..47a5cea8fab 100644 --- a/.github/workflows/portage-stable-packages-list +++ b/.github/workflows/portage-stable-packages-list @@ -8,10 +8,13 @@ acct-group/disk acct-group/dnsmasq acct-group/docker acct-group/floppy +acct-group/incus +acct-group/incus-admin acct-group/input acct-group/kmem acct-group/kvm acct-group/lp +acct-group/lxc acct-group/man acct-group/messagebus acct-group/named @@ -45,6 +48,7 @@ acct-group/video acct-group/wheel acct-user/dnsmasq +acct-user/lxc acct-user/man acct-user/messagebus acct-user/named @@ -116,6 +120,8 @@ app-containers/crun app-containers/docker app-containers/docker-buildx app-containers/docker-cli +app-containers/incus +app-containers/lxc app-containers/netavark app-containers/podman app-containers/runc @@ -226,6 +232,7 @@ dev-lang/tcl dev-lang/yasm dev-libs/cJSON +dev-libs/cowsql dev-libs/cyrus-sasl dev-libs/dbus-glib dev-libs/ding-libs @@ -278,6 +285,7 @@ dev-libs/opensc dev-libs/openssl dev-libs/popt dev-libs/protobuf +dev-libs/raft dev-libs/tree-sitter dev-libs/tree-sitter-bash dev-libs/userspace-rcu @@ -371,6 +379,7 @@ dev-util/perf dev-util/pkgcheck dev-util/pkgconf dev-util/re2c +dev-util/xdelta dev-vcs/git @@ -658,6 +667,7 @@ sys-fs/fuse-common sys-fs/fuse-overlayfs sys-fs/lsscsi sys-fs/lvm2 +sys-fs/lxcfs sys-fs/mdadm sys-fs/mtools sys-fs/multipath-tools diff --git a/build_library/extra_sysexts.sh b/build_library/extra_sysexts.sh index 35dbd403a88..2e73fbba728 100644 --- a/build_library/extra_sysexts.sh +++ b/build_library/extra_sysexts.sh @@ -1,13 +1,14 @@ EXTRA_SYSEXTS=( - "zfs|sys-fs/zfs" - "podman|app-containers/podman,net-misc/passt" - "python|dev-lang/python,dev-python/pip" + "incus|app-containers/incus" "nvidia-drivers-535|x11-drivers/nvidia-drivers:0/535|-kernel-open persistenced|amd64" "nvidia-drivers-535-open|x11-drivers/nvidia-drivers:0/535|kernel-open persistenced|amd64" "nvidia-drivers-550|x11-drivers/nvidia-drivers:0/550|-kernel-open persistenced|amd64" "nvidia-drivers-550-open|x11-drivers/nvidia-drivers:0/550|kernel-open persistenced|amd64" "nvidia-drivers-570|x11-drivers/nvidia-drivers:0/570|-kernel-open persistenced|amd64" "nvidia-drivers-570-open|x11-drivers/nvidia-drivers:0/570|kernel-open persistenced|amd64" + "podman|app-containers/podman,net-misc/passt" + "python|dev-lang/python,dev-python/pip" + "zfs|sys-fs/zfs" ) _get_unversioned_sysext_packages_unsorted() { diff --git a/build_library/sysext_mangle_flatcar-incus b/build_library/sysext_mangle_flatcar-incus new file mode 100755 index 00000000000..d7ac982c8df --- /dev/null +++ b/build_library/sysext_mangle_flatcar-incus @@ -0,0 +1,28 @@ +#!/bin/bash + +set -euo pipefail +rootfs="${1}" + +pushd "${rootfs}" + +pushd ./usr/lib/systemd/system +mkdir -p "multi-user.target.d" +{ echo "[Unit]"; echo "Upholds=incus.service"; } > "multi-user.target.d/10-incus.conf" +popd + +mkdir -p ./usr/lib/tmpfiles.d +pushd ./usr/lib/tmpfiles.d +cat <./10-incus.conf +d /var/lib/lxc/rootfs 0755 root root - - +w+ /etc/subuid - - - - root:1065536:65536 +w+ /etc/subgid - - - - root:1065536:65536 +EOF +popd + +# Add 'core' user to 'incus-admin' group to avoid prefixing +# all commands with sudo. +mkdir -p ./usr/lib/userdb/ +echo " " > ./usr/lib/userdb/core:incus-admin.membership + +popd + diff --git a/changelog/changes/2025-05-14-incus.md b/changelog/changes/2025-05-14-incus.md new file mode 100644 index 00000000000..a9d9edf85fd --- /dev/null +++ b/changelog/changes/2025-05-14-incus.md @@ -0,0 +1 @@ +- Provided an Incus Flatcar extension as optional systemd-sysext image with the release. Write 'incus' to `/etc/flatcar/enabled-sysext.conf` through Ignition and the sysext will be installed during provisioning. ([scripts#1655](https://github.com/flatcar/scripts/pull/1655)) diff --git a/sdk_container/src/third_party/coreos-overlay/coreos-devel/board-packages/board-packages-0.0.1-r16.ebuild b/sdk_container/src/third_party/coreos-overlay/coreos-devel/board-packages/board-packages-0.0.1-r17.ebuild similarity index 100% rename from sdk_container/src/third_party/coreos-overlay/coreos-devel/board-packages/board-packages-0.0.1-r16.ebuild rename to sdk_container/src/third_party/coreos-overlay/coreos-devel/board-packages/board-packages-0.0.1-r17.ebuild diff --git a/sdk_container/src/third_party/coreos-overlay/coreos-devel/board-packages/board-packages-0.0.1.ebuild b/sdk_container/src/third_party/coreos-overlay/coreos-devel/board-packages/board-packages-0.0.1.ebuild index f1a8b24861c..e89d4114449 100644 --- a/sdk_container/src/third_party/coreos-overlay/coreos-devel/board-packages/board-packages-0.0.1.ebuild +++ b/sdk_container/src/third_party/coreos-overlay/coreos-devel/board-packages/board-packages-0.0.1.ebuild @@ -30,8 +30,9 @@ RDEPEND=" sys-boot/shim-signed app-containers/containerd app-containers/docker - app-containers/docker-cli app-containers/docker-buildx + app-containers/docker-cli + app-containers/incus app-emulation/amazon-ssm-agent app-emulation/hv-daemons app-emulation/wa-linux-agent diff --git a/sdk_container/src/third_party/coreos-overlay/coreos/config/env/acct-group/incus b/sdk_container/src/third_party/coreos-overlay/coreos/config/env/acct-group/incus new file mode 100644 index 00000000000..f274734fba2 --- /dev/null +++ b/sdk_container/src/third_party/coreos-overlay/coreos/config/env/acct-group/incus @@ -0,0 +1,13 @@ +# This is used to convert regular user / group entries to +# userdb entries (in JSON format) to later be consumed by userdbd +# when loading the sysext image on the instance. +# The user / groups will be created dynamically and if the sysext image is +# removed the entries will be removed as well. +cros_post_src_install_add_userdb_record(){ + insinto /usr/lib/userdb + newins - ${ACCT_GROUP_NAME}.group < <( + printf '{"groupName":"%q","gid":%q}\n' \ + "${ACCT_GROUP_NAME}" \ + "${_ACCT_GROUP_ID/#-*/-}" + ) +} diff --git a/sdk_container/src/third_party/coreos-overlay/coreos/config/env/acct-group/incus-admin b/sdk_container/src/third_party/coreos-overlay/coreos/config/env/acct-group/incus-admin new file mode 100644 index 00000000000..f274734fba2 --- /dev/null +++ b/sdk_container/src/third_party/coreos-overlay/coreos/config/env/acct-group/incus-admin @@ -0,0 +1,13 @@ +# This is used to convert regular user / group entries to +# userdb entries (in JSON format) to later be consumed by userdbd +# when loading the sysext image on the instance. +# The user / groups will be created dynamically and if the sysext image is +# removed the entries will be removed as well. +cros_post_src_install_add_userdb_record(){ + insinto /usr/lib/userdb + newins - ${ACCT_GROUP_NAME}.group < <( + printf '{"groupName":"%q","gid":%q}\n' \ + "${ACCT_GROUP_NAME}" \ + "${_ACCT_GROUP_ID/#-*/-}" + ) +} diff --git a/sdk_container/src/third_party/coreos-overlay/coreos/config/env/acct-group/lxc b/sdk_container/src/third_party/coreos-overlay/coreos/config/env/acct-group/lxc new file mode 100644 index 00000000000..f274734fba2 --- /dev/null +++ b/sdk_container/src/third_party/coreos-overlay/coreos/config/env/acct-group/lxc @@ -0,0 +1,13 @@ +# This is used to convert regular user / group entries to +# userdb entries (in JSON format) to later be consumed by userdbd +# when loading the sysext image on the instance. +# The user / groups will be created dynamically and if the sysext image is +# removed the entries will be removed as well. +cros_post_src_install_add_userdb_record(){ + insinto /usr/lib/userdb + newins - ${ACCT_GROUP_NAME}.group < <( + printf '{"groupName":"%q","gid":%q}\n' \ + "${ACCT_GROUP_NAME}" \ + "${_ACCT_GROUP_ID/#-*/-}" + ) +} diff --git a/sdk_container/src/third_party/coreos-overlay/coreos/config/env/app-containers/incus b/sdk_container/src/third_party/coreos-overlay/coreos/config/env/app-containers/incus new file mode 100644 index 00000000000..667637407e6 --- /dev/null +++ b/sdk_container/src/third_party/coreos-overlay/coreos/config/env/app-containers/incus @@ -0,0 +1,3 @@ +cros_pre_src_compile_pkgconfig() { + export PKG_CONFIG="$(tc-getPKG_CONFIG)" +} diff --git a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.accept_keywords b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.accept_keywords index d322e2ae411..e92681392a7 100644 --- a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.accept_keywords +++ b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.accept_keywords @@ -16,6 +16,10 @@ # Needed to address CVE-2025-24965. =app-containers/crun-1.20 ~amd64 ~arm64 +# Keep versions on both arches in sync. +=app-containers/lxc-6.0.3 ~arm64 +=app-containers/incus-6.0.3-r2 ~arm64 + # No stable keywords. =app-containers/syft-1.18.1 ~amd64 ~arm64 @@ -41,17 +45,24 @@ # Keep versions on both arches in sync. =dev-lang/yasm-1.3.0-r1 ~arm64 =dev-libs/ding-libs-0.6.2-r1 ~arm64 +=dev-libs/cowsql-1.15.7 ~arm64 # The only available ebuild (from GURU) has ~amd64 and no keyword for arm64 yet. =dev-libs/jose-12 ** =dev-libs/luksmeta-9-r1 ** +# Keep versions on both arches in sync. +=dev-libs/raft-0.22.1 ~arm64 + # No arm64 keyword in package. =dev-util/bsdiff-4.3-r4 ** # Catalyst 4 is not stable yet, but earlier versions are masked now. =dev-util/catalyst-4.0.0 ~amd64 ~arm64 +# Keep versions on both arches in sync. +=dev-util/xdelta-3.0.11-r1 ~arm64 + # Needed to address CVE-2025-31498. =net-dns/c-ares-1.34.5 ~amd64 ~arm64 @@ -99,5 +110,6 @@ sys-apps/azure-vm-utils # Keep versions on both arches in sync. =sys-fs/fuse-3.17.2 ~arm64 +=sys-fs/lxcfs-6.0.3-r1 ~arm64 =sys-libs/libsemanage-3.7 ~arm64 =sys-process/audit-4.0.2-r1 ~arm64 diff --git a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.use b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.use index 37925ec487f..3bc3c99d6d8 100644 --- a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.use +++ b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.use @@ -176,3 +176,19 @@ sys-apps/systemd -gcrypt # Make dracut module available for initrd build. sys-apps/azure-vm-utils dracut + +# Enable SELinux for lxc +app-containers/lxc selinux + +# required by app-containers/incus-6.0.3-r1::portage-stable +# required by incus (argument) +dev-libs/raft lz4 + +# required by app-containers/incus-6.0.3-r1::portage-stable +# required by incus (argument) +dev-util/xdelta lzma + +# required by app-containers/lxc-6.0.3::portage-stable[tools,caps] +# required by app-containers/incus-6.0.3-r1::portage-stable +# required by incus (argument) +sys-libs/libcap static-libs diff --git a/sdk_container/src/third_party/portage-stable/acct-group/incus-admin/incus-admin-0.ebuild b/sdk_container/src/third_party/portage-stable/acct-group/incus-admin/incus-admin-0.ebuild new file mode 100644 index 00000000000..ee18e2282ca --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/acct-group/incus-admin/incus-admin-0.ebuild @@ -0,0 +1,9 @@ +# Copyright 2020-2023 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +inherit acct-group + +ACCT_GROUP_ID=533 +DESCRIPTION="Group for app-containers/incus" diff --git a/sdk_container/src/third_party/portage-stable/acct-group/incus-admin/metadata.xml b/sdk_container/src/third_party/portage-stable/acct-group/incus-admin/metadata.xml new file mode 100644 index 00000000000..5d32dd6c55b --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/acct-group/incus-admin/metadata.xml @@ -0,0 +1,8 @@ + + + + + virtualization@gentoo.org + Gentoo Virtualization Project + + diff --git a/sdk_container/src/third_party/portage-stable/acct-group/incus/incus-0.ebuild b/sdk_container/src/third_party/portage-stable/acct-group/incus/incus-0.ebuild new file mode 100644 index 00000000000..e5f45afcdc9 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/acct-group/incus/incus-0.ebuild @@ -0,0 +1,9 @@ +# Copyright 2020-2023 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +inherit acct-group + +ACCT_GROUP_ID=532 +DESCRIPTION="Group for app-containers/incus" diff --git a/sdk_container/src/third_party/portage-stable/acct-group/incus/metadata.xml b/sdk_container/src/third_party/portage-stable/acct-group/incus/metadata.xml new file mode 100644 index 00000000000..5d32dd6c55b --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/acct-group/incus/metadata.xml @@ -0,0 +1,8 @@ + + + + + virtualization@gentoo.org + Gentoo Virtualization Project + + diff --git a/sdk_container/src/third_party/portage-stable/acct-group/lxc/lxc-0-r2.ebuild b/sdk_container/src/third_party/portage-stable/acct-group/lxc/lxc-0-r2.ebuild new file mode 100644 index 00000000000..c2f7cd728e6 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/acct-group/lxc/lxc-0-r2.ebuild @@ -0,0 +1,9 @@ +# Copyright 2021-2024 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +inherit acct-group + +ACCT_GROUP_ID=358 +DESCRIPTION="Group for app-containers/lxc" diff --git a/sdk_container/src/third_party/portage-stable/acct-group/lxc/metadata.xml b/sdk_container/src/third_party/portage-stable/acct-group/lxc/metadata.xml new file mode 100644 index 00000000000..5d32dd6c55b --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/acct-group/lxc/metadata.xml @@ -0,0 +1,8 @@ + + + + + virtualization@gentoo.org + Gentoo Virtualization Project + + diff --git a/sdk_container/src/third_party/portage-stable/acct-user/lxc/lxc-0-r2.ebuild b/sdk_container/src/third_party/portage-stable/acct-user/lxc/lxc-0-r2.ebuild new file mode 100644 index 00000000000..7449e8ee379 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/acct-user/lxc/lxc-0-r2.ebuild @@ -0,0 +1,12 @@ +# Copyright 2021-2024 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +inherit acct-user + +DESCRIPTION="User for app-containers/lxc" +ACCT_USER_ID=358 +ACCT_USER_GROUPS=( lxc ) + +acct-user_add_deps diff --git a/sdk_container/src/third_party/portage-stable/acct-user/lxc/metadata.xml b/sdk_container/src/third_party/portage-stable/acct-user/lxc/metadata.xml new file mode 100644 index 00000000000..5d32dd6c55b --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/acct-user/lxc/metadata.xml @@ -0,0 +1,8 @@ + + + + + virtualization@gentoo.org + Gentoo Virtualization Project + + diff --git a/sdk_container/src/third_party/portage-stable/app-containers/incus/Manifest b/sdk_container/src/third_party/portage-stable/app-containers/incus/Manifest new file mode 100644 index 00000000000..dd1c3524811 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/app-containers/incus/Manifest @@ -0,0 +1,10 @@ +DIST incus-6.0.3.tar.xz 11916020 BLAKE2B d3d998bd50124604c52ff007eefed586c216ce1a0a77d45724fd489db1d93f2fa304f5d6e1c368ff2dd4d1170b24605fd24bbf2a6e4506207686ca392936c200 SHA512 6a879e6634cf545b4c427800d923a32e5fe58a6eaf220ad8d0cb08e0ced5e6c4be09274ae095bb9dae25a55445462ea83d3d9235f67bbb9896944f596bf17e1a +DIST incus-6.0.3.tar.xz.asc 833 BLAKE2B 38835ab036709161150992cb40df4ff1ae1887d4f3e0b037d0415f75d2bb711cb3c5945bffe1b91d289acfb7e19e726964278e5c2ab31731ba9f7534f139dec7 SHA512 7d5360ab91aafe1d047a60e38a07e24c3c7b158e753087a943ec5e59d6a27c19a872080c9007b6cf592040d3408845bc188d76f6e732408d0680a3782cebce47 +DIST incus-6.0.4.tar.xz 12000208 BLAKE2B 99a4ba40d2eea48515b88f4534c282adc925fe1b5487dc98901f000894b3781aec89f617d2246314cf9a95a7d65531e486c4092f8939722e1b3c2bf7d33063c8 SHA512 14a5cdad3f9365d58e526c8f451d9e7a57729010073caff31256e0b94d28206adc82ead4820278e7eac17b74d22a76d9f3b9f5f8424ddbfa6b74a5cea13e019f +DIST incus-6.0.4.tar.xz.asc 833 BLAKE2B 96c94cde55cd2e9f7f28db7adb098adf4895437d300dfd42aeac540cdab6677fb604831c28f40f8581e60b89b228557d81696cd64950a1c2147b445a5ec58b30 SHA512 1ef2063eab424467c805f8c86b5b0caca848f46d2ef7ebf602049fe32ee15a7e1006d5a2710b355604aef73802b4333cd0428c772e1c5fc4da588c2cd7ee1694 +DIST incus-6.10.1.tar.xz 18023076 BLAKE2B c35c7a81448b17db6db8959458c23a58392d9e3dcfedaf6d1094964c0c35d46d551a4d6cbaab93cde4b9006bdeb064dcc50148fc2cded6c9ca122f635dab58cd SHA512 12566fef798b34e3d1f3abe4bebada50a99f0e30fd33e1c5ffab458a2ebdac484650e6bf35a48bc4680669d24c9fd912b549e43ed01318bdac52d1b1767cb275 +DIST incus-6.10.1.tar.xz.asc 833 BLAKE2B 2e2de67bae59502fdad66a7ac5b7771d4e305f87e4b3e35bc829a73bd053a7ca8256f9bfa8e4c2fc6ee2268cdc8bd9b9bac7ed319e5cda14829daeaa39108b51 SHA512 4f00405913b0d04a0eec407756928e59e477ecf4dfc07b063a13fc5683fcc6e18efe1d2947a6b9c12e5fb1b64d39dc076f4a41da129fe132d30e7cfc23af80a4 +DIST incus-6.11.tar.xz 11997736 BLAKE2B 8764c1189fceeb65caedc0b9cf562f8f78a4e905101022c4efe98693ed70ef069b580d10f74e1830e0225a5332b5b37a9068c636aec738a6496a01430d6074c3 SHA512 0d52e71ce55aa59bb2b3a4c9f7926d43a6dfae1809d42c2c0c591019eaef648a4e15159a826de382e06149aa3488d60c283f69055335124d85597199d231367f +DIST incus-6.11.tar.xz.asc 833 BLAKE2B b399138638c2c503600b29899b81a4ce691af2ad16ab2d8f8994c92e317e0b48dc2021095346e9784f58a631b724c134186be026acb06fb9a63a01cc0d1cb970 SHA512 f2b108129fe3111e184544b4fce8d5503b59764b202582c901699602d3a7434e3876684ad0f625b7beeb8ca92e6cd9468ced804bcbb8e00336d48d4bce4de1fe +DIST incus-6.12.tar.xz 12041616 BLAKE2B 25bb157839a6d86f45614f71cb8f61ec2d92ca96322e90dc9d4f47603aee8b246621b941cd223a3c9007bbb4dbb65ffe432a72d2e7af5fefae40bc398406424b SHA512 1234f54965f2b50fa04c286405dd3b7dcbf86f88f91dd38476695a57961dd13fbc8da3c698ce1c254da71239b4af64fda25b9de7c6db017e7728b5bc4db52bf4 +DIST incus-6.12.tar.xz.asc 833 BLAKE2B e74dbefea68db25458da3956e6b5fc99b2cc861d9a20c5d10a9fa2d1803068b2b36a350d35960bfb289e9e1e747baa8bc5d2fdb0a93fcfb8ee7b0ffcd65befe7 SHA512 11f63160366a17d7d2679eb52f318d3c0e2a6d91a76c968d6483db9fb45892006d831f85e30bedfa9237a55d9b517458b01c3d1311e7e5f9ea1c3b3bbc18975a diff --git a/sdk_container/src/third_party/portage-stable/app-containers/incus/files/incus-0.4.service b/sdk_container/src/third_party/portage-stable/app-containers/incus/files/incus-0.4.service new file mode 100644 index 00000000000..17aea1de12b --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/app-containers/incus/files/incus-0.4.service @@ -0,0 +1,22 @@ +[Unit] +Description=Incus - main daemon +After=network-online.target lxcfs.service incus.socket +Requires=network-online.target lxcfs.service incus.socket + +[Service] +EnvironmentFile=-/etc/environment +ExecStart=/usr/sbin/incusd --group incus-admin --syslog +ExecStartPost=/usr/sbin/incusd waitready --timeout=600 +ExecStartPre=/bin/mkdir -p /var/log/incus +ExecStartPre=/bin/chown -R root:incus-admin /var/log/incus +KillMode=process +PermissionsStartOnly=true +TimeoutStartSec=600s +TimeoutStopSec=30s +Restart=on-failure +LimitNOFILE=1048576 +LimitNPROC=infinity +TasksMax=infinity + +[Install] +Also=incus-startup.service incus.socket diff --git a/sdk_container/src/third_party/portage-stable/app-containers/incus/files/incus-0.4.socket b/sdk_container/src/third_party/portage-stable/app-containers/incus/files/incus-0.4.socket new file mode 100644 index 00000000000..741fadd0309 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/app-containers/incus/files/incus-0.4.socket @@ -0,0 +1,11 @@ +[Unit] +Description=Incus - Daemon (unix socket) + +[Socket] +ListenStream=/var/lib/incus/unix.socket +SocketGroup=incus-admin +SocketMode=0660 +Service=incus.service + +[Install] +WantedBy=sockets.target diff --git a/sdk_container/src/third_party/portage-stable/app-containers/incus/files/incus-6.0.confd b/sdk_container/src/third_party/portage-stable/app-containers/incus/files/incus-6.0.confd new file mode 100644 index 00000000000..d75a9071aca --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/app-containers/incus/files/incus-6.0.confd @@ -0,0 +1,27 @@ +## "INCUS_OPTIONS+=" is not POSIX-compliant, so we use +## "INCUS_OPTIONS="${INCUS_OPTIONS}"" to not rely on bashmisms. +## bgo#929138 + +# Group which owns the shared socket +INCUS_OPTIONS="${INCUS_OPTIONS} --group incus-admin" + +# Enable cpu profiling into the specified file +#INCUS_OPTIONS="${INCUS_OPTIONS} --cpuprofile /tmp/lxc_cpu_profile" + +# Enable memory profiling into the specified file +#INCUS_OPTIONS="${INCUS_OPTIONS} --memprofile /tmp/lxc_mem_profile" + +# Enable debug mode +#INCUS_OPTIONS="${INCUS_OPTIONS} --debug" + +# For debugging, print a complete stack trace every n seconds +#INCUS_OPTIONS="${INCUS_OPTIONS} --print-goroutines-every 5" + +# Enable verbose mode +#INCUS_OPTIONS="${INCUS_OPTIONS} -v" + +# Logfile to log to +#INCUS_OPTIONS="${INCUS_OPTIONS} --logfile /var/log/incus/incus.log" + +# Enable syslog logging +#INCUS_OPTIONS="${INCUS_OPTIONS} --syslog" diff --git a/sdk_container/src/third_party/portage-stable/app-containers/incus/files/incus-6.0.initd b/sdk_container/src/third_party/portage-stable/app-containers/incus/files/incus-6.0.initd new file mode 100644 index 00000000000..fb0d80ee798 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/app-containers/incus/files/incus-6.0.initd @@ -0,0 +1,63 @@ +#!/sbin/openrc-run +# Copyright 1999-2024 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +DAEMON=/usr/sbin/incusd +PIDFILE=/run/incus.pid + +depend() { + need net + need lxcfs +} + +start() { + ebegin "Starting incus daemon service" + + modprobe -f loop > /dev/null 2>&1 + + # Call prlimit from the init.d file instead of ulimit through rc_ulimit, + # bgo#929138 + prlimit --nofile=1048576 --memlock=unlimited --pid=$$ + + # Fix permissions on /var/lib/incus and make sure it exists. + # Create a log directory for incus with correct permissions. + install -d /var/lib/incus --group incus-admin --owner root --mode 0775 + install -d /var/log/incus --group incus-admin --owner root + + start-stop-daemon --start \ + --pidfile ${PIDFILE} \ + --exec ${DAEMON} \ + --background \ + --make-pidfile \ + -- \ + ${INCUS_OPTIONS} + eend ${?} + + # Create necessary systemd paths in order for systemd containers to work on openrc host. + # /etc/rc.conf should have following values: + # rc_cgroup_mode="hybrid" + if [ -d /sys/fs/cgroup/unified ] && + [ ! -d /sys/fs/cgroup/systemd ]; then + install -d /sys/fs/cgroup/systemd --group incus-admin --owner root + mount -t cgroup -o none,name=systemd systemd /sys/fs/cgroup/systemd + fi +} + +stop() { + if [ "${RC_CMD}" = restart ]; then + ebegin "Stopping incus daemon service (but not containers)" + # start-stop-daemon sends SIGTERM with a timeout of 5s by default. + # SIGTERM indicates to INCUS that it will be stopped temporarily. + # Instances will keep running. + start-stop-daemon --stop --quiet -p "${PIDFILE}" + eend ${?} + else + ebegin "Stopping incus daemon service and containers, waiting 40s" + # SIGPWR indicates to INCUS that the host is going down. + # LXD will do a clean shutdown of all instances. + # After 30s all remaining instances will be killed. + # We wait up to 40s for INCUS. + start-stop-daemon --stop --quiet -R SIGPWR/40 -p "${PIDFILE}" + eend ${?} + fi +} diff --git a/sdk_container/src/third_party/portage-stable/app-containers/incus/files/incus-startup-0.4.service b/sdk_container/src/third_party/portage-stable/app-containers/incus/files/incus-startup-0.4.service new file mode 100644 index 00000000000..8838bdc4949 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/app-containers/incus/files/incus-startup-0.4.service @@ -0,0 +1,15 @@ +[Unit] +Description=Incus - Startup check +After=incus.socket incus.service +Requires=incus.socket + +[Service] +Type=oneshot +ExecStart=/usr/sbin/incus-startup start +ExecStop=/usr/sbin/incus-startup stop +TimeoutStartSec=600s +TimeoutStopSec=600s +RemainAfterExit=yes + +[Install] +WantedBy=multi-user.target diff --git a/sdk_container/src/third_party/portage-stable/app-containers/incus/files/incus-startup-0.4.sh b/sdk_container/src/third_party/portage-stable/app-containers/incus/files/incus-startup-0.4.sh new file mode 100644 index 00000000000..6b19f22e4cb --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/app-containers/incus/files/incus-startup-0.4.sh @@ -0,0 +1,21 @@ +#!/bin/sh +set -e + +case "$1" in + start) + systemctl is-active incus -q && exit 0 + exec incusd activateifneeded + ;; + + stop) + systemctl is-active incus -q || exit 0 + exec incusd shutdown + ;; + + *) + echo "unknown argument \`$1'" >&2 + exit 1 + ;; +esac + +exit 0 diff --git a/sdk_container/src/third_party/portage-stable/app-containers/incus/files/incus-user-0.4.initd b/sdk_container/src/third_party/portage-stable/app-containers/incus/files/incus-user-0.4.initd new file mode 100644 index 00000000000..7d81d298f58 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/app-containers/incus/files/incus-user-0.4.initd @@ -0,0 +1,37 @@ +#!/sbin/openrc-run +# Copyright 2023 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +name="incus-user socket daemon" +description="incus-user socket daemon" + +DAEMON=/usr/sbin/incus-user +PIDFILE=/run/incus-user.pid + +depend() { + need incus + need net +} + +start() { + ebegin "Starting incus-user socket daemon" + + start-stop-daemon --start \ + --pidfile ${PIDFILE} \ + --exec ${DAEMON} \ + --background \ + --make-pidfile \ + -- \ + --group incus + eend ${?} +} + +stop() { + if [ "${RC_CMD}" = restart ]; then + start-stop-daemon --stop --quiet -p "${PIDFILE}" + eend ${?} + else + start-stop-daemon --stop --quiet -p "${PIDFILE}" + eend ${?} + fi +} diff --git a/sdk_container/src/third_party/portage-stable/app-containers/incus/files/incus-user-0.4.service b/sdk_container/src/third_party/portage-stable/app-containers/incus/files/incus-user-0.4.service new file mode 100644 index 00000000000..4cb4d44263c --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/app-containers/incus/files/incus-user-0.4.service @@ -0,0 +1,12 @@ +[Unit] +Description=Incus - User daemon +After=incus-user.socket incus.service +Requires=incus-user.socket + +[Service] +EnvironmentFile=-/etc/environment +ExecStart=/usr/sbin/incus-user --group incus +Restart=on-failure + +[Install] +Also=incus-user.socket diff --git a/sdk_container/src/third_party/portage-stable/app-containers/incus/files/incus-user-0.4.socket b/sdk_container/src/third_party/portage-stable/app-containers/incus/files/incus-user-0.4.socket new file mode 100644 index 00000000000..5c14276fc6c --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/app-containers/incus/files/incus-user-0.4.socket @@ -0,0 +1,11 @@ +[Unit] +Description=Incus - Daemon (user unix socket) + +[Socket] +ListenStream=/var/lib/incus/unix.socket.user +SocketGroup=incus +SocketMode=0660 +Service=incus-user.service + +[Install] +WantedBy=sockets.target diff --git a/sdk_container/src/third_party/portage-stable/app-containers/incus/incus-6.0.3-r2.ebuild b/sdk_container/src/third_party/portage-stable/app-containers/incus/incus-6.0.3-r2.ebuild new file mode 100644 index 00000000000..7262a4f6593 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/app-containers/incus/incus-6.0.3-r2.ebuild @@ -0,0 +1,229 @@ +# Copyright 1999-2025 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +inherit go-module linux-info optfeature systemd toolchain-funcs verify-sig + +DESCRIPTION="Modern, secure and powerful system container and virtual machine manager" +HOMEPAGE="https://linuxcontainers.org/incus/introduction/ https://github.com/lxc/incus" +SRC_URI="https://linuxcontainers.org/downloads/incus/${P}.tar.xz + verify-sig? ( https://linuxcontainers.org/downloads/incus/${P}.tar.xz.asc )" + +LICENSE="Apache-2.0 BSD LGPL-3 MIT" +SLOT="0/lts" +KEYWORDS="amd64 ~arm64" +IUSE="apparmor fuidshift nls qemu" + +DEPEND="acct-group/incus + acct-group/incus-admin + app-arch/xz-utils + >=app-containers/lxc-5.0.0:=[apparmor?,seccomp(+)] + dev-db/sqlite:3 + >=dev-libs/cowsql-1.15.6 + dev-libs/lzo + >=dev-libs/raft-0.22.1:=[lz4] + >=dev-util/xdelta-3.0[lzma(+)] + net-dns/dnsmasq[dhcp] + sys-libs/libcap + virtual/udev" +RDEPEND="${DEPEND} + || ( + net-firewall/iptables + net-firewall/nftables + ) + fuidshift? ( !app-containers/lxd ) + sys-apps/iproute2 + sys-fs/fuse:* + >=sys-fs/lxcfs-5.0.0 + sys-fs/squashfs-tools[lzma] + virtual/acl + qemu? ( + app-cdr/cdrtools + app-emulation/qemu[spice,usbredir,virtfs] + sys-apps/gptfdisk + )" +BDEPEND=">=dev-lang/go-1.21 + nls? ( sys-devel/gettext ) + verify-sig? ( sec-keys/openpgp-keys-linuxcontainers )" + +CONFIG_CHECK=" + ~AIO + ~CGROUPS + ~IPC_NS + ~NET_NS + ~PID_NS + + ~SECCOMP + ~USER_NS + ~UTS_NS + + ~KVM + ~MACVTAP + ~VHOST_VSOCK +" + +ERROR_AIO="CONFIG_AIO is required." +ERROR_IPC_NS="CONFIG_IPC_NS is required." +ERROR_NET_NS="CONFIG_NET_NS is required." +ERROR_PID_NS="CONFIG_PID_NS is required." +ERROR_SECCOMP="CONFIG_SECCOMP is required." +ERROR_UTS_NS="CONFIG_UTS_NS is required." + +WARNING_KVM="CONFIG_KVM and CONFIG_KVM_AMD/-INTEL is required for virtual machines." +WARNING_MACVTAP="CONFIG_MACVTAP is required for virtual machines." +WARNING_VHOST_VSOCK="CONFIG_VHOST_VSOCK is required for virtual machines." + +# Go magic. +QA_PREBUILT="/usr/bin/incus + /usr/bin/incus-agent + /usr/bin/incus-benchmark + /usr/bin/incus-migrate + /usr/bin/lxc-to-incus + /usr/sbin/fuidshift + /usr/sbin/incusd + /usr/sbin/lxd-to-incus" + +VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/linuxcontainers.asc + +# The testsuite must be run as root. +# make: *** [Makefile:156: check] Error 1 +RESTRICT="test" + +GOPATH="${S}/_dist" + +src_unpack() { + verify-sig_src_unpack + go-module_src_unpack +} + +src_prepare() { + export GOPATH="${S}/_dist" + + default + + sed -i \ + -e "s:\./configure:./configure --prefix=/usr --libdir=${EPREFIX}/usr/lib/incus:g" \ + -e "s:make:make ${MAKEOPTS}:g" \ + Makefile || die + + sed -i \ + -e "s:/usr/share/OVMF:/usr/share/edk2/OvmfX64:g" \ + -e "s:OVMF_VARS.ms.fd:OVMF_VARS.fd:g" \ + internal/server/instance/drivers/edk2/driver_edk2.go || die "Failed to fix hardcoded ovmf paths." + + # Fix hardcoded virtfs-proxy-helper file path, see bug 798924 + sed -i \ + -e "s:/usr/lib/qemu/virtfs-proxy-helper:/usr/libexec/virtfs-proxy-helper:g" \ + internal/server/device/device_utils_disk.go || die "Failed to fix virtfs-proxy-helper path." + + cp "${FILESDIR}"/incus-0.4.service "${T}"/incus.service || die + if use apparmor; then + sed -i \ + '/^EnvironmentFile=.*/a ExecStartPre=\/usr\/libexec\/lxc\/lxc-apparmor-load' \ + "${T}"/incus.service || die + fi + + # Disable -Werror's from go modules. + find "${S}" -name "cgo.go" -exec sed -i "s/ -Werror / /g" {} + || die +} + +src_configure() { :; } + +src_compile() { + export GOPATH="${S}/_dist" + export CGO_LDFLAGS_ALLOW="-Wl,-z,now" + + for k in incus-benchmark incus-simplestreams incus-user incus lxc-to-incus lxd-to-incus ; do + ego install -v -x "${S}/cmd/${k}" + done + + if use fuidshift ; then + ego install -v -x "${S}/cmd/fuidshift" + fi + + ego install -v -x -tags libsqlite3 "${S}"/cmd/incusd + + # Needs to be built statically + CGO_ENABLED=0 go install -v -tags netgo "${S}"/cmd/incus-migrate + CGO_ENABLED=0 go install -v -tags agent,netgo "${S}"/cmd/incus-agent + + use nls && emake build-mo +} + +src_test() { + emake check +} + +src_install() { + export GOPATH="${S}/_dist" + + export GOHOSTARCH=$(go-env_goarch "${CBUILD}") + if [ "${GOARCH}" != "${GOHOSTARCH}" ]; then + local bindir="_dist/bin/linux_${GOARCH}" + else + local bindir="_dist/bin" + fi + + newsbin "${FILESDIR}"/incus-startup-0.4.sh incus-startup + + # Admin tools + for l in incusd incus-user lxd-to-incus ; do + dosbin ${bindir}/${l} + done + + # User tools + for m in incus-agent incus-benchmark incus-migrate incus-simplestreams incus lxc-to-incus ; do + dobin ${bindir}/${m} + done + + # fuidshift, should be moved under admin tools at some point + if use fuidshift ; then + dosbin ${bindir}/fuidshift + fi + + newconfd "${FILESDIR}"/incus-6.0.confd incus + newinitd "${FILESDIR}"/incus-6.0.initd incus + newinitd "${FILESDIR}"/incus-user-0.4.initd incus-user + + systemd_dounit "${T}"/incus.service + systemd_newunit "${FILESDIR}"/incus-0.4.socket incus.socket + systemd_newunit "${FILESDIR}"/incus-startup-0.4.service incus-startup.service + systemd_newunit "${FILESDIR}"/incus-user-0.4.service incus-user.service + systemd_newunit "${FILESDIR}"/incus-user-0.4.socket incus-user.socket + + if ! tc-is-cross-compiler; then + # Generate and install shell completion files. + mkdir -p "${D}"/usr/share/{bash-completion/completions/,fish/vendor_completions.d/,zsh/site-functions/} || die + "${bindir}"/incus completion bash > "${D}"/usr/share/bash-completion/completions/incus || die + "${bindir}"/incus completion fish > "${D}"/usr/share/fish/vendor_completions.d/incus.fish || die + "${bindir}"/incus completion zsh > "${D}"/usr/share/zsh/site-functions/_incus || die + else + ewarn "Shell completion files not installed! Install them manually with incus completion --help" + fi + + dodoc AUTHORS + dodoc -r doc/* + use nls && domo po/*.mo + + # Incus needs INCUS_EDK2_PATH in env to find OVMF files for virtual machines, #946184 + newenvd - 90incus <<- _EOF_ + INCUS_EDK2_PATH=${EPREFIX}/usr/share/edk2-ovmf + _EOF_ +} + +pkg_postinst() { + elog + elog "Please see" + elog " https://wiki.gentoo.org/wiki/Incus" + elog " https://wiki.gentoo.org/wiki/Incus#Migrating_from_LXD" + elog + optfeature "btrfs storage backend" sys-fs/btrfs-progs + optfeature "ipv6 support" net-dns/dnsmasq[ipv6] + optfeature "full incus-migrate support" net-misc/rsync + optfeature "lvm2 storage backend" sys-fs/lvm2 + optfeature "zfs storage backend" sys-fs/zfs + elog + elog "Be sure to add your local user to the incus group." + elog +} diff --git a/sdk_container/src/third_party/portage-stable/app-containers/incus/incus-6.0.4.ebuild b/sdk_container/src/third_party/portage-stable/app-containers/incus/incus-6.0.4.ebuild new file mode 100644 index 00000000000..4703fda2057 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/app-containers/incus/incus-6.0.4.ebuild @@ -0,0 +1,224 @@ +# Copyright 1999-2025 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +inherit go-module linux-info optfeature systemd toolchain-funcs verify-sig + +DESCRIPTION="Modern, secure and powerful system container and virtual machine manager" +HOMEPAGE="https://linuxcontainers.org/incus/introduction/ https://github.com/lxc/incus" +SRC_URI="https://linuxcontainers.org/downloads/incus/${P}.tar.xz + verify-sig? ( https://linuxcontainers.org/downloads/incus/${P}.tar.xz.asc )" + +LICENSE="Apache-2.0 BSD LGPL-3 MIT" +SLOT="0/lts" +KEYWORDS="~amd64 ~arm64" +IUSE="apparmor fuidshift nls qemu" + +DEPEND="acct-group/incus + acct-group/incus-admin + app-arch/xz-utils + >=app-containers/lxc-5.0.0:=[apparmor?,seccomp(+)] + dev-db/sqlite:3 + >=dev-libs/cowsql-1.15.6 + dev-libs/lzo + >=dev-libs/raft-0.22.1:=[lz4] + >=dev-util/xdelta-3.0[lzma(+)] + net-dns/dnsmasq[dhcp] + sys-libs/libcap + virtual/udev" +RDEPEND="${DEPEND} + || ( + net-firewall/iptables + net-firewall/nftables + ) + fuidshift? ( !app-containers/lxd ) + sys-apps/iproute2 + sys-fs/fuse:* + >=sys-fs/lxcfs-5.0.0 + sys-fs/squashfs-tools[lzma] + virtual/acl + qemu? ( + app-cdr/cdrtools + app-emulation/qemu[spice,usbredir,virtfs] + sys-apps/gptfdisk + )" +BDEPEND=">=dev-lang/go-1.21 + nls? ( sys-devel/gettext ) + verify-sig? ( sec-keys/openpgp-keys-linuxcontainers )" + +CONFIG_CHECK=" + ~AIO + ~CGROUPS + ~IPC_NS + ~NET_NS + ~PID_NS + + ~SECCOMP + ~USER_NS + ~UTS_NS + + ~KVM + ~MACVTAP + ~VHOST_VSOCK +" + +ERROR_AIO="CONFIG_AIO is required." +ERROR_IPC_NS="CONFIG_IPC_NS is required." +ERROR_NET_NS="CONFIG_NET_NS is required." +ERROR_PID_NS="CONFIG_PID_NS is required." +ERROR_SECCOMP="CONFIG_SECCOMP is required." +ERROR_UTS_NS="CONFIG_UTS_NS is required." + +WARNING_KVM="CONFIG_KVM and CONFIG_KVM_AMD/-INTEL is required for virtual machines." +WARNING_MACVTAP="CONFIG_MACVTAP is required for virtual machines." +WARNING_VHOST_VSOCK="CONFIG_VHOST_VSOCK is required for virtual machines." + +# Go magic. +QA_PREBUILT="/usr/bin/incus + /usr/bin/incus-agent + /usr/bin/incus-benchmark + /usr/bin/incus-migrate + /usr/bin/lxc-to-incus + /usr/sbin/fuidshift + /usr/sbin/incusd + /usr/sbin/lxd-to-incus" + +VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/linuxcontainers.asc + +# The testsuite must be run as root. +# make: *** [Makefile:156: check] Error 1 +RESTRICT="test" + +GOPATH="${S}/_dist" + +src_unpack() { + verify-sig_src_unpack + go-module_src_unpack +} + +src_prepare() { + export GOPATH="${S}/_dist" + + default + + sed -i \ + -e "s:\./configure:./configure --prefix=/usr --libdir=${EPREFIX}/usr/lib/incus:g" \ + -e "s:make:make ${MAKEOPTS}:g" \ + Makefile || die + + sed -i \ + -e "s:/usr/share/OVMF:/usr/share/edk2/OvmfX64:g" \ + -e "s:OVMF_VARS.ms.fd:OVMF_VARS.fd:g" \ + internal/server/instance/drivers/edk2/driver_edk2.go || die "Failed to fix hardcoded ovmf paths." + + cp "${FILESDIR}"/incus-0.4.service "${T}"/incus.service || die + if use apparmor; then + sed -i \ + '/^EnvironmentFile=.*/a ExecStartPre=\/usr\/libexec\/lxc\/lxc-apparmor-load' \ + "${T}"/incus.service || die + fi + + # Disable -Werror's from go modules. + find "${S}" -name "cgo.go" -exec sed -i "s/ -Werror / /g" {} + || die +} + +src_configure() { :; } + +src_compile() { + export GOPATH="${S}/_dist" + export CGO_LDFLAGS_ALLOW="-Wl,-z,now" + + for k in incus-benchmark incus-simplestreams incus-user incus lxc-to-incus lxd-to-incus ; do + ego install -v -x "${S}/cmd/${k}" + done + + if use fuidshift ; then + ego install -v -x "${S}/cmd/fuidshift" + fi + + ego install -v -x -tags libsqlite3 "${S}"/cmd/incusd + + # Needs to be built statically + CGO_ENABLED=0 go install -v -tags netgo "${S}"/cmd/incus-migrate + CGO_ENABLED=0 go install -v -tags agent,netgo "${S}"/cmd/incus-agent + + use nls && emake build-mo +} + +src_test() { + emake check +} + +src_install() { + export GOPATH="${S}/_dist" + + if tc-is-cross-compiler ; then + local bindir="_dist/bin/linux_${GOARCH}" + else + local bindir="_dist/bin" + fi + + newsbin "${FILESDIR}"/incus-startup-0.4.sh incus-startup + + # Admin tools + for l in incusd incus-user lxd-to-incus ; do + dosbin ${bindir}/${l} + done + + # User tools + for m in incus-agent incus-benchmark incus-migrate incus-simplestreams incus lxc-to-incus ; do + dobin ${bindir}/${m} + done + + # fuidshift, should be moved under admin tools at some point + if use fuidshift ; then + dosbin ${bindir}/fuidshift + fi + + newconfd "${FILESDIR}"/incus-6.0.confd incus + newinitd "${FILESDIR}"/incus-6.0.initd incus + newinitd "${FILESDIR}"/incus-user-0.4.initd incus-user + + systemd_dounit "${T}"/incus.service + systemd_newunit "${FILESDIR}"/incus-0.4.socket incus.socket + systemd_newunit "${FILESDIR}"/incus-startup-0.4.service incus-startup.service + systemd_newunit "${FILESDIR}"/incus-user-0.4.service incus-user.service + systemd_newunit "${FILESDIR}"/incus-user-0.4.socket incus-user.socket + + if ! tc-is-cross-compiler; then + # Generate and install shell completion files. + mkdir -p "${D}"/usr/share/{bash-completion/completions/,fish/vendor_completions.d/,zsh/site-functions/} || die + "${bindir}"/incus completion bash > "${D}"/usr/share/bash-completion/completions/incus || die + "${bindir}"/incus completion fish > "${D}"/usr/share/fish/vendor_completions.d/incus.fish || die + "${bindir}"/incus completion zsh > "${D}"/usr/share/zsh/site-functions/_incus || die + else + ewarn "Shell completion files not installed! Install them manually with incus completion --help" + fi + + dodoc AUTHORS + dodoc -r doc/* + use nls && domo po/*.mo + + # Incus needs INCUS_EDK2_PATH in env to find OVMF files for virtual machines, #946184 + newenvd - 90incus <<- _EOF_ + INCUS_EDK2_PATH=${EPREFIX}/usr/share/edk2-ovmf + _EOF_ +} + +pkg_postinst() { + elog + elog "Please see" + elog " https://wiki.gentoo.org/wiki/Incus" + elog " https://wiki.gentoo.org/wiki/Incus#Migrating_from_LXD" + elog + optfeature "btrfs storage backend" sys-fs/btrfs-progs + optfeature "support for ACME certificate issuance" app-crypt/lego + optfeature "ipv6 support" net-dns/dnsmasq[ipv6] + optfeature "full incus-migrate support" net-misc/rsync + optfeature "lvm2 storage backend" sys-fs/lvm2 + optfeature "zfs storage backend" sys-fs/zfs + elog + elog "Be sure to add your local user to the incus group." + elog +} diff --git a/sdk_container/src/third_party/portage-stable/app-containers/incus/incus-6.10.1-r1.ebuild b/sdk_container/src/third_party/portage-stable/app-containers/incus/incus-6.10.1-r1.ebuild new file mode 100644 index 00000000000..1a9b75f9040 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/app-containers/incus/incus-6.10.1-r1.ebuild @@ -0,0 +1,225 @@ +# Copyright 1999-2025 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +inherit go-module linux-info optfeature systemd toolchain-funcs verify-sig + +DESCRIPTION="Modern, secure and powerful system container and virtual machine manager" +HOMEPAGE="https://linuxcontainers.org/incus/introduction/ https://github.com/lxc/incus" +SRC_URI="https://linuxcontainers.org/downloads/incus/${P}.tar.xz + verify-sig? ( https://linuxcontainers.org/downloads/incus/${P}.tar.xz.asc )" + +LICENSE="Apache-2.0 BSD LGPL-3 MIT" +SLOT="0/stable" +KEYWORDS="~amd64 ~arm64" +IUSE="apparmor fuidshift nls qemu" + +DEPEND="acct-group/incus + acct-group/incus-admin + app-arch/xz-utils + >=app-containers/lxc-5.0.0:=[apparmor?,seccomp(+)] + dev-db/sqlite:3 + >=dev-libs/cowsql-1.15.7 + dev-libs/lzo + >=dev-libs/raft-0.22.1:=[lz4] + >=dev-util/xdelta-3.0[lzma(+)] + net-dns/dnsmasq[dhcp] + sys-libs/libcap + virtual/udev" +RDEPEND="${DEPEND} + || ( + net-firewall/iptables + net-firewall/nftables[json] + ) + fuidshift? ( !app-containers/lxd ) + net-firewall/ebtables + sys-apps/iproute2 + sys-fs/fuse:* + >=sys-fs/lxcfs-5.0.0 + sys-fs/squashfs-tools[lzma] + virtual/acl + qemu? ( + app-cdr/cdrtools + app-emulation/qemu[spice,usbredir,virtfs] + sys-apps/gptfdisk + )" +BDEPEND=">=dev-lang/go-1.21 + nls? ( sys-devel/gettext ) + verify-sig? ( sec-keys/openpgp-keys-linuxcontainers )" + +CONFIG_CHECK=" + ~AIO + ~CGROUPS + ~IPC_NS + ~NET_NS + ~PID_NS + + ~SECCOMP + ~USER_NS + ~UTS_NS + + ~KVM + ~MACVTAP + ~VHOST_VSOCK +" + +ERROR_AIO="CONFIG_AIO is required." +ERROR_IPC_NS="CONFIG_IPC_NS is required." +ERROR_NET_NS="CONFIG_NET_NS is required." +ERROR_PID_NS="CONFIG_PID_NS is required." +ERROR_SECCOMP="CONFIG_SECCOMP is required." +ERROR_UTS_NS="CONFIG_UTS_NS is required." + +WARNING_KVM="CONFIG_KVM and CONFIG_KVM_AMD/-INTEL is required for virtual machines." +WARNING_MACVTAP="CONFIG_MACVTAP is required for virtual machines." +WARNING_VHOST_VSOCK="CONFIG_VHOST_VSOCK is required for virtual machines." + +# Go magic. +QA_PREBUILT="/usr/bin/incus + /usr/bin/incus-agent + /usr/bin/incus-benchmark + /usr/bin/incus-migrate + /usr/bin/lxc-to-incus + /usr/sbin/fuidshift + /usr/sbin/incusd + /usr/sbin/lxd-to-incus" + +VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/linuxcontainers.asc + +# The testsuite must be run as root. +# make: *** [Makefile:156: check] Error 1 +RESTRICT="test" + +GOPATH="${S}/_dist" + +src_unpack() { + verify-sig_src_unpack + go-module_src_unpack +} + +src_prepare() { + export GOPATH="${S}/_dist" + + default + + sed -i \ + -e "s:\./configure:./configure --prefix=/usr --libdir=${EPREFIX}/usr/lib/incus:g" \ + -e "s:make:make ${MAKEOPTS}:g" \ + Makefile || die + + sed -i \ + -e "s:/usr/share/OVMF:/usr/share/edk2/OvmfX64:g" \ + -e "s:OVMF_VARS.ms.fd:OVMF_VARS.fd:g" \ + internal/server/instance/drivers/edk2/driver_edk2.go || die "Failed to fix hardcoded ovmf paths." + + cp "${FILESDIR}"/incus-0.4.service "${T}"/incus.service || die + if use apparmor; then + sed -i \ + '/^EnvironmentFile=.*/a ExecStartPre=\/usr\/libexec\/lxc\/lxc-apparmor-load' \ + "${T}"/incus.service || die + fi + + # Disable -Werror's from go modules. + find "${S}" -name "cgo.go" -exec sed -i "s/ -Werror / /g" {} + || die +} + +src_configure() { :; } + +src_compile() { + export GOPATH="${S}/_dist" + export CGO_LDFLAGS_ALLOW="-Wl,-z,now" + + for k in incus-benchmark incus-simplestreams incus-user incus lxc-to-incus lxd-to-incus ; do + ego install -v -x "${S}/cmd/${k}" + done + + if use fuidshift ; then + ego install -v -x "${S}/cmd/fuidshift" + fi + + ego install -v -x -tags libsqlite3 "${S}"/cmd/incusd + + # Needs to be built statically + CGO_ENABLED=0 go install -v -tags netgo "${S}"/cmd/incus-migrate + CGO_ENABLED=0 go install -v -tags agent,netgo "${S}"/cmd/incus-agent + + use nls && emake build-mo +} + +src_test() { + emake check +} + +src_install() { + export GOPATH="${S}/_dist" + + if tc-is-cross-compiler ; then + local bindir="_dist/bin/linux_${GOARCH}" + else + local bindir="_dist/bin" + fi + + newsbin "${FILESDIR}"/incus-startup-0.4.sh incus-startup + + # Admin tools + for l in incusd incus-user lxd-to-incus ; do + dosbin ${bindir}/${l} + done + + # User tools + for m in incus-agent incus-benchmark incus-migrate incus-simplestreams incus lxc-to-incus ; do + dobin ${bindir}/${m} + done + + # fuidshift, should be moved under admin tools at some point + if use fuidshift ; then + dosbin ${bindir}/fuidshift + fi + + newconfd "${FILESDIR}"/incus-6.0.confd incus + newinitd "${FILESDIR}"/incus-6.0.initd incus + newinitd "${FILESDIR}"/incus-user-0.4.initd incus-user + + systemd_dounit "${T}"/incus.service + systemd_newunit "${FILESDIR}"/incus-0.4.socket incus.socket + systemd_newunit "${FILESDIR}"/incus-startup-0.4.service incus-startup.service + systemd_newunit "${FILESDIR}"/incus-user-0.4.service incus-user.service + systemd_newunit "${FILESDIR}"/incus-user-0.4.socket incus-user.socket + + if ! tc-is-cross-compiler; then + # Generate and install shell completion files. + mkdir -p "${D}"/usr/share/{bash-completion/completions/,fish/vendor_completions.d/,zsh/site-functions/} || die + "${bindir}"/incus completion bash > "${D}"/usr/share/bash-completion/completions/incus || die + "${bindir}"/incus completion fish > "${D}"/usr/share/fish/vendor_completions.d/incus.fish || die + "${bindir}"/incus completion zsh > "${D}"/usr/share/zsh/site-functions/_incus || die + else + ewarn "Shell completion files not installed! Install them manually with incus completion --help" + fi + + dodoc AUTHORS + dodoc -r doc/* + use nls && domo po/*.mo + + # Incus needs INCUS_EDK2_PATH in env to find OVMF files for virtual machines, #946184 + newenvd - 90incus <<- _EOF_ + INCUS_EDK2_PATH=${EPREFIX}/usr/share/edk2-ovmf + _EOF_ +} + +pkg_postinst() { + elog + elog "Please see" + elog " https://wiki.gentoo.org/wiki/Incus" + elog " https://wiki.gentoo.org/wiki/Incus#Migrating_from_LXD" + elog + optfeature "OCI container images support" app-containers/skopeo app-containers/umoci + optfeature "btrfs storage backend" sys-fs/btrfs-progs + optfeature "ipv6 support" net-dns/dnsmasq[ipv6] + optfeature "full incus-migrate support" net-misc/rsync + optfeature "lvm2 storage backend" sys-fs/lvm2 + optfeature "zfs storage backend" sys-fs/zfs + elog + elog "Be sure to add your local user to the incus group." + elog +} diff --git a/sdk_container/src/third_party/portage-stable/app-containers/incus/incus-6.11.ebuild b/sdk_container/src/third_party/portage-stable/app-containers/incus/incus-6.11.ebuild new file mode 100644 index 00000000000..172578e69bf --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/app-containers/incus/incus-6.11.ebuild @@ -0,0 +1,226 @@ +# Copyright 1999-2025 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +inherit go-module linux-info optfeature systemd toolchain-funcs verify-sig + +DESCRIPTION="Modern, secure and powerful system container and virtual machine manager" +HOMEPAGE="https://linuxcontainers.org/incus/introduction/ https://github.com/lxc/incus" +SRC_URI="https://linuxcontainers.org/downloads/incus/${P}.tar.xz + verify-sig? ( https://linuxcontainers.org/downloads/incus/${P}.tar.xz.asc )" + +LICENSE="Apache-2.0 BSD LGPL-3 MIT" +SLOT="0/stable" +KEYWORDS="~amd64 ~arm64" +IUSE="apparmor fuidshift nls qemu" + +DEPEND="acct-group/incus + acct-group/incus-admin + app-arch/xz-utils + >=app-containers/lxc-5.0.0:=[apparmor?,seccomp(+)] + dev-db/sqlite:3 + >=dev-libs/cowsql-1.15.7 + dev-libs/lzo + >=dev-libs/raft-0.22.1:=[lz4] + >=dev-util/xdelta-3.0[lzma(+)] + net-dns/dnsmasq[dhcp] + sys-libs/libcap + virtual/udev" +RDEPEND="${DEPEND} + || ( + net-firewall/iptables + net-firewall/nftables[json] + ) + fuidshift? ( !app-containers/lxd ) + net-firewall/ebtables + sys-apps/iproute2 + sys-fs/fuse:* + >=sys-fs/lxcfs-5.0.0 + sys-fs/squashfs-tools[lzma] + virtual/acl + qemu? ( + app-cdr/cdrtools + app-emulation/qemu[spice,usbredir,virtfs] + sys-apps/gptfdisk + )" +BDEPEND=">=dev-lang/go-1.21 + nls? ( sys-devel/gettext ) + verify-sig? ( sec-keys/openpgp-keys-linuxcontainers )" + +CONFIG_CHECK=" + ~AIO + ~CGROUPS + ~IPC_NS + ~NET_NS + ~PID_NS + + ~SECCOMP + ~USER_NS + ~UTS_NS + + ~KVM + ~MACVTAP + ~VHOST_VSOCK +" + +ERROR_AIO="CONFIG_AIO is required." +ERROR_IPC_NS="CONFIG_IPC_NS is required." +ERROR_NET_NS="CONFIG_NET_NS is required." +ERROR_PID_NS="CONFIG_PID_NS is required." +ERROR_SECCOMP="CONFIG_SECCOMP is required." +ERROR_UTS_NS="CONFIG_UTS_NS is required." + +WARNING_KVM="CONFIG_KVM and CONFIG_KVM_AMD/-INTEL is required for virtual machines." +WARNING_MACVTAP="CONFIG_MACVTAP is required for virtual machines." +WARNING_VHOST_VSOCK="CONFIG_VHOST_VSOCK is required for virtual machines." + +# Go magic. +QA_PREBUILT="/usr/bin/incus + /usr/bin/incus-agent + /usr/bin/incus-benchmark + /usr/bin/incus-migrate + /usr/bin/lxc-to-incus + /usr/sbin/fuidshift + /usr/sbin/incusd + /usr/sbin/lxd-to-incus" + +VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/linuxcontainers.asc + +# The testsuite must be run as root. +# make: *** [Makefile:156: check] Error 1 +RESTRICT="test" + +GOPATH="${S}/_dist" + +src_unpack() { + verify-sig_src_unpack + go-module_src_unpack +} + +src_prepare() { + export GOPATH="${S}/_dist" + + default + + sed -i \ + -e "s:\./configure:./configure --prefix=/usr --libdir=${EPREFIX}/usr/lib/incus:g" \ + -e "s:make:make ${MAKEOPTS}:g" \ + Makefile || die + + sed -i \ + -e "s:/usr/share/OVMF:/usr/share/edk2/OvmfX64:g" \ + -e "s:OVMF_VARS.ms.fd:OVMF_VARS.fd:g" \ + internal/server/instance/drivers/edk2/driver_edk2.go || die "Failed to fix hardcoded ovmf paths." + + cp "${FILESDIR}"/incus-0.4.service "${T}"/incus.service || die + if use apparmor; then + sed -i \ + '/^EnvironmentFile=.*/a ExecStartPre=\/usr\/libexec\/lxc\/lxc-apparmor-load' \ + "${T}"/incus.service || die + fi + + # Disable -Werror's from go modules. + find "${S}" -name "cgo.go" -exec sed -i "s/ -Werror / /g" {} + || die +} + +src_configure() { :; } + +src_compile() { + export GOPATH="${S}/_dist" + export CGO_LDFLAGS_ALLOW="-Wl,-z,now" + + for k in incus-benchmark incus-simplestreams incus-user incus lxc-to-incus lxd-to-incus ; do + ego install -v -x "${S}/cmd/${k}" + done + + if use fuidshift ; then + ego install -v -x "${S}/cmd/fuidshift" + fi + + ego install -v -x -tags libsqlite3 "${S}"/cmd/incusd + + # Needs to be built statically + CGO_ENABLED=0 go install -v -tags netgo "${S}"/cmd/incus-migrate + CGO_ENABLED=0 go install -v -tags agent,netgo "${S}"/cmd/incus-agent + + use nls && emake build-mo +} + +src_test() { + emake check +} + +src_install() { + export GOPATH="${S}/_dist" + + if tc-is-cross-compiler ; then + local bindir="_dist/bin/linux_${GOARCH}" + else + local bindir="_dist/bin" + fi + + newsbin "${FILESDIR}"/incus-startup-0.4.sh incus-startup + + # Admin tools + for l in incusd incus-user lxd-to-incus ; do + dosbin ${bindir}/${l} + done + + # User tools + for m in incus-agent incus-benchmark incus-migrate incus-simplestreams incus lxc-to-incus ; do + dobin ${bindir}/${m} + done + + # fuidshift, should be moved under admin tools at some point + if use fuidshift ; then + dosbin ${bindir}/fuidshift + fi + + newconfd "${FILESDIR}"/incus-6.0.confd incus + newinitd "${FILESDIR}"/incus-6.0.initd incus + newinitd "${FILESDIR}"/incus-user-0.4.initd incus-user + + systemd_dounit "${T}"/incus.service + systemd_newunit "${FILESDIR}"/incus-0.4.socket incus.socket + systemd_newunit "${FILESDIR}"/incus-startup-0.4.service incus-startup.service + systemd_newunit "${FILESDIR}"/incus-user-0.4.service incus-user.service + systemd_newunit "${FILESDIR}"/incus-user-0.4.socket incus-user.socket + + if ! tc-is-cross-compiler; then + # Generate and install shell completion files. + mkdir -p "${D}"/usr/share/{bash-completion/completions/,fish/vendor_completions.d/,zsh/site-functions/} || die + "${bindir}"/incus completion bash > "${D}"/usr/share/bash-completion/completions/incus || die + "${bindir}"/incus completion fish > "${D}"/usr/share/fish/vendor_completions.d/incus.fish || die + "${bindir}"/incus completion zsh > "${D}"/usr/share/zsh/site-functions/_incus || die + else + ewarn "Shell completion files not installed! Install them manually with incus completion --help" + fi + + dodoc AUTHORS + dodoc -r doc/* + use nls && domo po/*.mo + + # Incus needs INCUS_EDK2_PATH in env to find OVMF files for virtual machines, #946184 + newenvd - 90incus <<- _EOF_ + INCUS_EDK2_PATH=${EPREFIX}/usr/share/edk2-ovmf + _EOF_ +} + +pkg_postinst() { + elog + elog "Please see" + elog " https://wiki.gentoo.org/wiki/Incus" + elog " https://wiki.gentoo.org/wiki/Incus#Migrating_from_LXD" + elog + optfeature "OCI container images support" app-containers/skopeo app-containers/umoci + optfeature "support for ACME certificate issuance" app-crypt/lego + optfeature "btrfs storage backend" sys-fs/btrfs-progs + optfeature "ipv6 support" net-dns/dnsmasq[ipv6] + optfeature "full incus-migrate support" net-misc/rsync + optfeature "lvm2 storage backend" sys-fs/lvm2 + optfeature "zfs storage backend" sys-fs/zfs + elog + elog "Be sure to add your local user to the incus group." + elog +} diff --git a/sdk_container/src/third_party/portage-stable/app-containers/incus/incus-6.12.ebuild b/sdk_container/src/third_party/portage-stable/app-containers/incus/incus-6.12.ebuild new file mode 100644 index 00000000000..92da209e83f --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/app-containers/incus/incus-6.12.ebuild @@ -0,0 +1,227 @@ +# Copyright 1999-2025 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +inherit go-module linux-info optfeature systemd toolchain-funcs verify-sig + +DESCRIPTION="Modern, secure and powerful system container and virtual machine manager" +HOMEPAGE="https://linuxcontainers.org/incus/introduction/ https://github.com/lxc/incus" +SRC_URI="https://linuxcontainers.org/downloads/incus/${P}.tar.xz + verify-sig? ( https://linuxcontainers.org/downloads/incus/${P}.tar.xz.asc )" + +LICENSE="Apache-2.0 BSD LGPL-3 MIT" +SLOT="0/stable" +KEYWORDS="~amd64 ~arm64" +IUSE="apparmor fuidshift nls qemu" + +DEPEND="acct-group/incus + acct-group/incus-admin + app-arch/xz-utils + >=app-containers/lxc-5.0.0:=[apparmor?,seccomp(+)] + dev-db/sqlite:3 + >=dev-libs/cowsql-1.15.7 + dev-libs/lzo + >=dev-libs/raft-0.22.1:=[lz4] + >=dev-util/xdelta-3.0[lzma(+)] + net-dns/dnsmasq[dhcp] + sys-libs/libcap + virtual/udev" +RDEPEND="${DEPEND} + || ( + net-firewall/iptables + net-firewall/nftables[json] + ) + fuidshift? ( !app-containers/lxd ) + net-firewall/ebtables + sys-apps/iproute2 + sys-fs/fuse:* + >=sys-fs/lxcfs-5.0.0 + sys-fs/squashfs-tools[lzma] + virtual/acl + apparmor? ( sec-policy/apparmor-profiles ) + qemu? ( + app-cdr/cdrtools + app-emulation/qemu[spice,usbredir,virtfs] + sys-apps/gptfdisk + )" +BDEPEND=">=dev-lang/go-1.21 + nls? ( sys-devel/gettext ) + verify-sig? ( sec-keys/openpgp-keys-linuxcontainers )" + +CONFIG_CHECK=" + ~AIO + ~CGROUPS + ~IPC_NS + ~NET_NS + ~PID_NS + + ~SECCOMP + ~USER_NS + ~UTS_NS + + ~KVM + ~MACVTAP + ~VHOST_VSOCK +" + +ERROR_AIO="CONFIG_AIO is required." +ERROR_IPC_NS="CONFIG_IPC_NS is required." +ERROR_NET_NS="CONFIG_NET_NS is required." +ERROR_PID_NS="CONFIG_PID_NS is required." +ERROR_SECCOMP="CONFIG_SECCOMP is required." +ERROR_UTS_NS="CONFIG_UTS_NS is required." + +WARNING_KVM="CONFIG_KVM and CONFIG_KVM_AMD/-INTEL is required for virtual machines." +WARNING_MACVTAP="CONFIG_MACVTAP is required for virtual machines." +WARNING_VHOST_VSOCK="CONFIG_VHOST_VSOCK is required for virtual machines." + +# Go magic. +QA_PREBUILT="/usr/bin/incus + /usr/bin/incus-agent + /usr/bin/incus-benchmark + /usr/bin/incus-migrate + /usr/bin/lxc-to-incus + /usr/sbin/fuidshift + /usr/sbin/incusd + /usr/sbin/lxd-to-incus" + +VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/linuxcontainers.asc + +# The testsuite must be run as root. +# make: *** [Makefile:156: check] Error 1 +RESTRICT="test" + +GOPATH="${S}/_dist" + +src_unpack() { + verify-sig_src_unpack + go-module_src_unpack +} + +src_prepare() { + export GOPATH="${S}/_dist" + + default + + sed -i \ + -e "s:\./configure:./configure --prefix=/usr --libdir=${EPREFIX}/usr/lib/incus:g" \ + -e "s:make:make ${MAKEOPTS}:g" \ + Makefile || die + + sed -i \ + -e "s:/usr/share/OVMF:/usr/share/edk2/OvmfX64:g" \ + -e "s:OVMF_VARS.ms.fd:OVMF_VARS.fd:g" \ + internal/server/instance/drivers/edk2/driver_edk2.go || die "Failed to fix hardcoded ovmf paths." + + cp "${FILESDIR}"/incus-0.4.service "${T}"/incus.service || die + if use apparmor; then + sed -i \ + '/^EnvironmentFile=.*/a ExecStartPre=\/usr\/libexec\/lxc\/lxc-apparmor-load' \ + "${T}"/incus.service || die + fi + + # Disable -Werror's from go modules. + find "${S}" -name "cgo.go" -exec sed -i "s/ -Werror / /g" {} + || die +} + +src_configure() { :; } + +src_compile() { + export GOPATH="${S}/_dist" + export CGO_LDFLAGS_ALLOW="-Wl,-z,now" + + for k in incus-benchmark incus-simplestreams incus-user incus lxc-to-incus lxd-to-incus ; do + ego install -v -x "${S}/cmd/${k}" + done + + if use fuidshift ; then + ego install -v -x "${S}/cmd/fuidshift" + fi + + ego install -v -x -tags libsqlite3 "${S}"/cmd/incusd + + # Needs to be built statically + CGO_ENABLED=0 go install -v -tags netgo "${S}"/cmd/incus-migrate + CGO_ENABLED=0 go install -v -tags agent,netgo "${S}"/cmd/incus-agent + + use nls && emake build-mo +} + +src_test() { + emake check +} + +src_install() { + export GOPATH="${S}/_dist" + + if tc-is-cross-compiler ; then + local bindir="_dist/bin/linux_${GOARCH}" + else + local bindir="_dist/bin" + fi + + newsbin "${FILESDIR}"/incus-startup-0.4.sh incus-startup + + # Admin tools + for l in incusd incus-user lxd-to-incus ; do + dosbin ${bindir}/${l} + done + + # User tools + for m in incus-agent incus-benchmark incus-migrate incus-simplestreams incus lxc-to-incus ; do + dobin ${bindir}/${m} + done + + # fuidshift, should be moved under admin tools at some point + if use fuidshift ; then + dosbin ${bindir}/fuidshift + fi + + newconfd "${FILESDIR}"/incus-6.0.confd incus + newinitd "${FILESDIR}"/incus-6.0.initd incus + newinitd "${FILESDIR}"/incus-user-0.4.initd incus-user + + systemd_dounit "${T}"/incus.service + systemd_newunit "${FILESDIR}"/incus-0.4.socket incus.socket + systemd_newunit "${FILESDIR}"/incus-startup-0.4.service incus-startup.service + systemd_newunit "${FILESDIR}"/incus-user-0.4.service incus-user.service + systemd_newunit "${FILESDIR}"/incus-user-0.4.socket incus-user.socket + + if ! tc-is-cross-compiler; then + # Generate and install shell completion files. + mkdir -p "${D}"/usr/share/{bash-completion/completions/,fish/vendor_completions.d/,zsh/site-functions/} || die + "${bindir}"/incus completion bash > "${D}"/usr/share/bash-completion/completions/incus || die + "${bindir}"/incus completion fish > "${D}"/usr/share/fish/vendor_completions.d/incus.fish || die + "${bindir}"/incus completion zsh > "${D}"/usr/share/zsh/site-functions/_incus || die + else + ewarn "Shell completion files not installed! Install them manually with incus completion --help" + fi + + dodoc AUTHORS + dodoc -r doc/* + use nls && domo po/*.mo + + # Incus needs INCUS_EDK2_PATH in env to find OVMF files for virtual machines, #946184 + newenvd - 90incus <<- _EOF_ + INCUS_EDK2_PATH=${EPREFIX}/usr/share/edk2-ovmf + _EOF_ +} + +pkg_postinst() { + elog + elog "Please see" + elog " https://wiki.gentoo.org/wiki/Incus" + elog " https://wiki.gentoo.org/wiki/Incus#Migrating_from_LXD" + elog + optfeature "OCI container images support" app-containers/skopeo app-containers/umoci + optfeature "support for ACME certificate issuance" app-crypt/lego + optfeature "btrfs storage backend" sys-fs/btrfs-progs + optfeature "ipv6 support" net-dns/dnsmasq[ipv6] + optfeature "full incus-migrate support" net-misc/rsync + optfeature "lvm2 storage backend" sys-fs/lvm2 + optfeature "zfs storage backend" sys-fs/zfs + elog + elog "Be sure to add your local user to the incus group." + elog +} diff --git a/sdk_container/src/third_party/portage-stable/app-containers/incus/metadata.xml b/sdk_container/src/third_party/portage-stable/app-containers/incus/metadata.xml new file mode 100644 index 00000000000..550a6f36daf --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/app-containers/incus/metadata.xml @@ -0,0 +1,35 @@ + + + + + juippis@gentoo.org + Joonas Niilola + + + virtualization@gentoo.org + Gentoo Virtualization Project + + + Install the fuidshift binary - currently conflicts with app-containers/lxd + Pull dependencies needed to manage QEMU-based virtual machines with Incus + + + Incus is a modern, secure and powerful system container and virtual machine manager. + Incus is a community fork from Canonical's LXD. + + It provides a unified experience for running and managing full Linux systems inside containers + or virtual machines. Incus supplies images for a wide number of Linux distributions and is built + around a very powerful, yet pretty simple, REST API. Incus scales from one instance on a single + machine to a cluster in a full data center rack, making it suitable for running workloads both + for development and in production. + + Incus allows you to easily set up a system that feels like a small private cloud. You can run any + type of workload in an efficient way while keeping your resources optimized. + + You should consider using Incus if you want to containerize different environments or run virtual + machines, or in general run and manage your infrastructure in a cost-effective way. + + + lxc/incus + + diff --git a/sdk_container/src/third_party/portage-stable/app-containers/lxc/Manifest b/sdk_container/src/third_party/portage-stable/app-containers/lxc/Manifest new file mode 100644 index 00000000000..3c6c266789c --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/app-containers/lxc/Manifest @@ -0,0 +1,6 @@ +DIST lxc-5.0.3.tar.gz 975269 BLAKE2B 533d97fe4d986acbf5d562bb2c295a63df2a9a8bfc27aeff5056e4235f667102500debc586c5698482ec048c1b222a0fdc234db6fd6648c4b649f87a85de18f8 SHA512 0553be317431ab7ec0c450c0f85724a53de1f251c39c9716168e17cda6a8daec70b8221228c4be64027df28a327e0f1fd508e6bb48348ab540bbfeaf2b9ac974 +DIST lxc-5.0.3.tar.gz.asc 833 BLAKE2B c35278ed17cad76d2ea94b3985e0110731efea751fb5f1c2d1c9db71486e4844285f372a94c8611dcfe91fdb16459694843b9e0a8273cfc68a56f549c7162cfb SHA512 a5ce5769d49abdf35d94de8273fd3e9c2a8ba4fafea71cf33ee6bce1d83531c8b550d972f7080409a4cc5a92e9d04ece50ed108f92c6aec4868d150e58d7d11a +DIST lxc-6.0.3.tar.gz 964210 BLAKE2B 8d5dec7f088111a2ca82aadd6cd90eb30a3a1b61900aa47123caba2ff95d10e68cfcd6a94ec6b3e36657777578c8b113c95aad9112b48b9dc964e4ed73783b48 SHA512 4ed41155b74afa135ae8e01f55a8cbbc7284a80e9789aaa2e69264d6b90a6527baf51f9c68dd3364aa83e7939d070f5c7dad924c751927783e883adce539fbdf +DIST lxc-6.0.3.tar.gz.asc 833 BLAKE2B 3a23eacfdd248a95c9fa41a6edcb55abb07abc81314fa227649663ac264a9e5fdcf81cb38b79f1bd51b9172a70a0aee5bf65ecfdaf438c944c25f11c882ab562 SHA512 5de32e772bd2864e3b688a90fd9f08d98829d61ba3e1cc76a9b403fc005256149f55ad034e186c3329f3abe52a8815f60c5027b16de46be0bc81b14d0134babd +DIST lxc-6.0.4.tar.gz 964064 BLAKE2B f8911993ce333300e68fe3d817cceb49d6c18f83e5fec1ab2da8ba6f0820808883cf73ce1f7dea2725c6279d87e6fcc0a3feeaeadad76112a47ef69265dbef50 SHA512 8ccdd9cf37b8b75e1e58021bc9bd7841faf3a2790d07f0214b6c8bde7a23e579345f576079a541dba5e71361bf5672af9d482a9e82323068ca0f7291f6063aaf +DIST lxc-6.0.4.tar.gz.asc 833 BLAKE2B 4600373e9534515fe3ec0c41ebe5b17ee8c4e7ab125e3a211ed300f0fdd79a04a9c183b903e1b6600d7b7ce4d9f2e66451326c473beb02b4a83a7200764e56e7 SHA512 2efe6e06b33a34fdf7ba1393b5e07aa1a18f189b2e43673b4f9bbdc7cf0fcb9ad47b99ebbd08e910e139047d54b1104f098cbbef586796767b9dd1a4a99ca748 diff --git a/sdk_container/src/third_party/portage-stable/app-containers/lxc/files/lxc-6.0.4-start-Re-introduce-first-SET_DUMPABLE-call.patch b/sdk_container/src/third_party/portage-stable/app-containers/lxc/files/lxc-6.0.4-start-Re-introduce-first-SET_DUMPABLE-call.patch new file mode 100644 index 00000000000..59475cf7103 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/app-containers/lxc/files/lxc-6.0.4-start-Re-introduce-first-SET_DUMPABLE-call.patch @@ -0,0 +1,34 @@ +From 2663712e8fa8f37e0bb873185e2d4526dc644764 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?St=C3=A9phane=20Graber?= +Date: Sat, 5 Apr 2025 01:11:18 -0400 +Subject: [PATCH] start: Re-introduce first SET_DUMPABLE call +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Without it, we're running into issues with complex hooks like nvidia. + +Signed-off-by: Stéphane Graber +--- + src/lxc/start.c | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/src/lxc/start.c b/src/lxc/start.c +index f28bceaba..ee4bf4003 100644 +--- a/src/lxc/start.c ++++ b/src/lxc/start.c +@@ -1125,6 +1125,11 @@ static int do_start(void *data) + if (!lxc_switch_uid_gid(nsuid, nsgid)) + goto out_warn_father; + ++ ret = prctl(PR_SET_DUMPABLE, prctl_arg(1), prctl_arg(0), ++ prctl_arg(0), prctl_arg(0)); ++ if (ret < 0) ++ goto out_warn_father; ++ + /* set{g,u}id() clears deathsignal */ + ret = lxc_set_death_signal(SIGKILL, handler->monitor_pid, status_fd); + if (ret < 0) { +-- +2.48.1 + diff --git a/sdk_container/src/third_party/portage-stable/app-containers/lxc/files/lxc-monitord.service.5.0.0 b/sdk_container/src/third_party/portage-stable/app-containers/lxc/files/lxc-monitord.service.5.0.0 new file mode 100644 index 00000000000..ff4a201152c --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/app-containers/lxc/files/lxc-monitord.service.5.0.0 @@ -0,0 +1,11 @@ +[Unit] +Description=LXC Container Monitoring Daemon +After=syslog.service network.target +Documentation=man:lxc + +[Service] +Type=simple +ExecStart=/usr/libexec/lxc/lxc-monitord --daemon + +[Install] +WantedBy=multi-user.target diff --git a/sdk_container/src/third_party/portage-stable/app-containers/lxc/files/lxc-net.service.5.0.0 b/sdk_container/src/third_party/portage-stable/app-containers/lxc/files/lxc-net.service.5.0.0 new file mode 100644 index 00000000000..8a037fcb761 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/app-containers/lxc/files/lxc-net.service.5.0.0 @@ -0,0 +1,15 @@ +[Unit] +Description=LXC network bridge setup +After=network-online.target +Before=lxc.service +Documentation=man:lxc +ConditionVirtualization=!lxc + +[Service] +Type=oneshot +RemainAfterExit=yes +ExecStart=/usr/libexec/lxc/lxc-net start +ExecStop=/usr/libexec/lxc/lxc-net stop + +[Install] +WantedBy=multi-user.target diff --git a/sdk_container/src/third_party/portage-stable/app-containers/lxc/files/lxc.initd.9 b/sdk_container/src/third_party/portage-stable/app-containers/lxc/files/lxc.initd.9 new file mode 100644 index 00000000000..4958fbcbbc7 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/app-containers/lxc/files/lxc.initd.9 @@ -0,0 +1,132 @@ +#!/sbin/openrc-run +# Copyright 1999-2019 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +CONTAINER=${SVCNAME#*.} + +LXC_PATH=`lxc-config lxc.lxcpath` + +lxc_get_configfile() { + if [ -f "${LXC_PATH}/${CONTAINER}.conf" ]; then + echo "${LXC_PATH}/${CONTAINER}.conf" + elif [ -f "${LXC_PATH}/${CONTAINER}/config" ]; then + echo "${LXC_PATH}/${CONTAINER}/config" + else + eerror "Unable to find a suitable configuration file." + eerror "If you set up the container in a non-standard" + eerror "location, please set the CONFIGFILE variable." + return 1 + fi +} + +[ $CONTAINER != $SVCNAME ] && CONFIGFILE=${CONFIGFILE:-$(lxc_get_configfile)} + +lxc_get_var() { + awk 'BEGIN { FS="[ \t]*=[ \t]*" } $1 == "'$1'" { print $2; exit }' ${CONFIGFILE} +} + +lxc_get_net_link_type() { + # gentoo bugfix 909640, drop commented lines before awk + grep -v '^#' ${CONFIGFILE} | awk 'BEGIN { FS="[ \t]*=[ \t]*"; _link=""; _type="" } + $1 == "lxc.network.type" {_type=$2;} + $1 == "lxc.network.link" {_link=$2;} + match($1, /lxc\.net\.[[:digit:]]+\.type/) {_type=$2;} + match($1, /lxc\.net\.[[:digit:]]+\.link/) {_link=$2;} + {if(_link != "" && _type != ""){ + printf("%s:%s\n", _link, _type ); + _link=""; _type=""; + }; }' +} + +checkconfig() { + if [ ${CONTAINER} = ${SVCNAME} ]; then + eerror "You have to create an init script for each container:" + eerror " ln -s lxc /etc/init.d/lxc.container" + return 1 + fi + + # no need to output anything, the function takes care of that. + [ -z "${CONFIGFILE}" ] && return 1 + + utsname=$(lxc_get_var lxc.uts.name) + if [ -z "$utsname" ] ; then + utsname=$(lxc_get_var lxc.utsname) + fi + + if [ "${CONTAINER}" != "${utsname}" ]; then + eerror "You should use the same name for the service and the" + eerror "container. Right now the container is called ${utsname}" + return 1 + fi +} + +depend() { + # be quiet, since we have to run depend() also for the + # non-muxed init script, unfortunately. + checkconfig 2>/dev/null || return 0 + + config ${CONFIGFILE} + need localmount + use lxcfs + + local _x _if + for _x in $(lxc_get_net_link_type); do + _if=${_x%:*} + case "${_x##*:}" in + # when the network type is set to phys, we can make use of a + # network service (for instance to set it up before we disable + # the net_admin capability), but we might also not set it up + # at all on the host and leave the net_admin capable service + # to take care of it. + phys) use net.${_if} ;; + *) need net.${_if} ;; + esac + done +} + +start() { + checkconfig || return 1 + rm -f /var/log/lxc/${CONTAINER}.log + + rootpath=$(lxc_get_var lxc.rootfs) + + # Check the format of our init and the chroot's init, to see + # if we have to use linux32 or linux64; always use setarch + # when required, as that makes it easier to deal with + # x32-based containers. + case $(scanelf -BF '%a#f' ${rootpath}/sbin/init) in + EM_X86_64) setarch=linux64;; + EM_386) setarch=linux32;; + esac + + ebegin "Starting LXC container ${CONTAINER}" + env -i ${setarch} $(which lxc-start) -n ${CONTAINER} -f ${CONFIGFILE} -d -o /var/log/lxc/${CONTAINER}.log + sleep 1 + + # lxc-start -d will _always_ report a correct startup, even if it + # failed, so rather than trust that, check that the cgroup exists. + # fix for LXC 3.1 + + STATE="$(lxc-info -s -H ${CONTAINER})" + [ "$STATE" = "RUNNING" ] + + eend $? +} + +stop() { + checkconfig || return 1 + + STATE="$(lxc-info -s -H ${CONTAINER})" + + if ! [ "$STATE" = "RUNNING" ]; then + ewarn "${CONTAINER} doesn't seem to be started." + return 0 + fi + + # 30s should be enough to shut everything down + # lxc-stop will return back anyway as soon as successful shutdown + # after 30s, lxc-stop sends SIGKILL (dirty shotdown) + ebegin "Stopping LXC container ${CONTAINER}" + lxc-stop -t 30 -n ${CONTAINER} + eend $? +} diff --git a/sdk_container/src/third_party/portage-stable/app-containers/lxc/files/lxc.service-5.0.0 b/sdk_container/src/third_party/portage-stable/app-containers/lxc/files/lxc.service-5.0.0 new file mode 100644 index 00000000000..35d0dff241d --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/app-containers/lxc/files/lxc.service-5.0.0 @@ -0,0 +1,19 @@ +[Unit] +Description=LXC Container Initialization and Autoboot Code +After=network.target lxc-net.service remote-fs.target +Wants=lxc-net.service +Documentation=man:lxc-autostart man:lxc + +[Service] +Type=oneshot +RemainAfterExit=yes +ExecStartPre=/usr/libexec/lxc/lxc-apparmor-load +ExecStart=/usr/libexec//lxc/lxc-containers start +ExecStop=/usr/libexec/lxc/lxc-containers stop +ExecReload=/usr/libexec/lxc/lxc-apparmor-load +# Environment=BOOTUP=serial +# Environment=CONSOLETYPE=serial +Delegate=yes + +[Install] +WantedBy=multi-user.target diff --git a/sdk_container/src/third_party/portage-stable/app-containers/lxc/files/lxc_at.service.5.0.0 b/sdk_container/src/third_party/portage-stable/app-containers/lxc/files/lxc_at.service.5.0.0 new file mode 100644 index 00000000000..447b6c87ec5 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/app-containers/lxc/files/lxc_at.service.5.0.0 @@ -0,0 +1,19 @@ +[Unit] +Description=LXC Container: %i +# This pulls in apparmor, dev-setup, lxc-net +After=lxc.service +Wants=lxc.service +Documentation=man:lxc-start man:lxc + +[Service] +Type=simple +KillMode=mixed +TimeoutStopSec=120s +ExecStart=/usr/bin/lxc-start -F -n %i +ExecStop=/usr/bin/lxc-stop -n %i +# Environment=BOOTUP=serial +# Environment=CONSOLETYPE=serial +Delegate=yes + +[Install] +WantedBy=multi-user.target diff --git a/sdk_container/src/third_party/portage-stable/app-containers/lxc/lxc-5.0.3.ebuild b/sdk_container/src/third_party/portage-stable/app-containers/lxc/lxc-5.0.3.ebuild new file mode 100644 index 00000000000..4fdedaf083a --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/app-containers/lxc/lxc-5.0.3.ebuild @@ -0,0 +1,169 @@ +# Copyright 2022-2023 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +inherit bash-completion-r1 linux-info meson optfeature systemd toolchain-funcs verify-sig + +DESCRIPTION="A userspace interface for the Linux kernel containment features" +HOMEPAGE="https://linuxcontainers.org/ https://github.com/lxc/lxc" +SRC_URI="https://linuxcontainers.org/downloads/lxc/${P}.tar.gz + verify-sig? ( https://linuxcontainers.org/downloads/lxc/${P}.tar.gz.asc )" + +LICENSE="GPL-2 LGPL-2.1 LGPL-3" +SLOT="0/1.502" # SONAME liblxc.so.1 + ${PV//./} _if_ breaking ABI change while bumping. +KEYWORDS="amd64 ~arm ~arm64 ~ppc64 ~riscv x86" +IUSE="apparmor +caps examples io-uring lto man pam seccomp selinux ssl systemd test +tools" + +RDEPEND="acct-group/lxc + acct-user/lxc + apparmor? ( sys-libs/libapparmor ) + caps? ( sys-libs/libcap[static-libs] ) + io-uring? ( >=sys-libs/liburing-2:= ) + pam? ( sys-libs/pam ) + seccomp? ( sys-libs/libseccomp ) + selinux? ( sys-libs/libselinux ) + ssl? ( dev-libs/openssl:0= ) + systemd? ( sys-apps/systemd:= ) + tools? ( sys-libs/libcap[static-libs] )" +DEPEND="${RDEPEND} + sys-kernel/linux-headers" +BDEPEND="virtual/pkgconfig + man? ( app-text/docbook2X ) + verify-sig? ( sec-keys/openpgp-keys-linuxcontainers )" + +RESTRICT="!test? ( test )" + +CONFIG_CHECK="~!NETPRIO_CGROUP + ~CGROUPS + ~CGROUP_CPUACCT + ~CGROUP_DEVICE + ~CGROUP_FREEZER + + ~CGROUP_SCHED + ~CPUSETS + ~IPC_NS + ~MACVLAN + + ~MEMCG + ~NAMESPACES + ~NET_NS + ~PID_NS + + ~POSIX_MQUEUE + ~USER_NS + ~UTS_NS + ~VETH" + +ERROR_CGROUP_FREEZER="CONFIG_CGROUP_FREEZER: needed to freeze containers" +ERROR_MACVLAN="CONFIG_MACVLAN: needed for internal (inter-container) networking" +ERROR_MEMCG="CONFIG_MEMCG: needed for memory resource control in containers" +ERROR_NET_NS="CONFIG_NET_NS: needed for unshared network" +ERROR_POSIX_MQUEUE="CONFIG_POSIX_MQUEUE: needed for lxc-execute command" +ERROR_UTS_NS="CONFIG_UTS_NS: needed to unshare hostnames and uname info" +ERROR_VETH="CONFIG_VETH: needed for internal (host-to-container) networking" + +VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/linuxcontainers.asc + +DOCS=( AUTHORS CONTRIBUTING MAINTAINERS README.md doc/FAQ.txt ) + +pkg_setup() { + linux-info_pkg_setup +} + +src_configure() { + local emesonargs=( + --localstatedir "${EPREFIX}/var" + + -Dcoverity-build=false + -Doss-fuzz=false + + -Dcommands=true + -Dmemfd-rexec=true + -Dthread-safety=true + + $(meson_use apparmor) + $(meson_use caps capabilities) + $(meson_use examples) + $(meson_use io-uring io-uring-event-loop) + $(meson_use lto b_lto) + $(meson_use man) + $(meson_use pam pam-cgroup) + $(meson_use seccomp) + $(meson_use selinux) + $(meson_use ssl openssl) + $(meson_use test tests) + $(meson_use tools) + + -Ddata-path=/var/lib/lxc + -Ddoc-path=/usr/share/doc/${PF} + -Dlog-path=/var/log/lxc + -Drootfs-mount-path=/var/lib/lxc/rootfs + -Druntime-path=/run + ) + + if use systemd; then + local emesonargs+=( -Dinit-script="systemd" ) + local emesonargs+=( -Dsd-bus=enabled ) + else + local emesonargs+=( -Dinit-script="sysvinit" ) + local emesonargs+=( -Dsd-bus=disabled ) + fi + + use tools && local emesonargs+=( -Dcapabilities=true ) + + if $(tc-ld-is-gold) || $(tc-ld-is-lld); then + local emesonargs+=( -Db_lto_mode=thin ) + else + local emesonargs+=( -Db_lto_mode=default ) + fi + + meson_src_configure +} + +src_install() { + meson_src_install + + # The main bash-completion file will collide with lxd, need to relocate and update symlinks. + mkdir -p "${ED}"/$(get_bashcompdir) || die "Failed to create bashcompdir." + + if use tools; then + bashcomp_alias lxc-start lxc-{attach,autostart,cgroup,checkpoint,config,console,copy,create,destroy,device,execute,freeze,info,ls,monitor,snapshot,stop,top,unfreeze,unshare,usernsexec,wait} + else + bashcomp_alias lxc-start lxc-usernsexec + fi + + keepdir /var/lib/cache/lxc /var/lib/lib/lxc + + find "${ED}" -name '*.la' -delete -o -name '*.a' -delete || die + + # Replace upstream sysvinit/systemd files. + if use systemd; then + rm -r "${D}$(systemd_get_systemunitdir)" || die "Failed to remove systemd lib dir" + else + rm "${ED}"/etc/init.d/lxc-{containers,net} || die "Failed to remove sysvinit scripts" + fi + + newinitd "${FILESDIR}/${PN}.initd.9" ${PN} + systemd_newunit "${FILESDIR}"/lxc-monitord.service.5.0.0 lxc-monitord.service + systemd_newunit "${FILESDIR}"/lxc-net.service.5.0.0 lxc-net.service + systemd_newunit "${FILESDIR}"/lxc.service-5.0.0 lxc.service + systemd_newunit "${FILESDIR}"/lxc_at.service.5.0.0 "lxc@.service" + + if ! use apparmor; then + sed -i '/lxc-apparmor-load/d' "${D}$(systemd_get_systemunitdir)/lxc.service" || + die "Failed to remove apparmor references from lxc.service systemd unit." + fi +} + +pkg_postinst() { + elog "Please refer to " + elog "https://wiki.gentoo.org/wiki/LXC for introduction and usage guide." + elog + elog "Run 'lxc-checkconfig' to see optional kernel features." + elog + + optfeature "automatic template scripts" app-containers/lxc-templates + optfeature "Debian-based distribution container image support" dev-util/debootstrap + optfeature "snapshot & restore functionality" sys-process/criu +} diff --git a/sdk_container/src/third_party/portage-stable/app-containers/lxc/lxc-6.0.3.ebuild b/sdk_container/src/third_party/portage-stable/app-containers/lxc/lxc-6.0.3.ebuild new file mode 100644 index 00000000000..4f9dce380f0 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/app-containers/lxc/lxc-6.0.3.ebuild @@ -0,0 +1,168 @@ +# Copyright 2022-2025 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +inherit bash-completion-r1 linux-info meson optfeature systemd verify-sig + +DESCRIPTION="A userspace interface for the Linux kernel containment features" +HOMEPAGE="https://linuxcontainers.org/ https://github.com/lxc/lxc" +SRC_URI="https://linuxcontainers.org/downloads/lxc/${P}.tar.gz + verify-sig? ( https://linuxcontainers.org/downloads/lxc/${P}.tar.gz.asc )" + +LICENSE="GPL-2 LGPL-2.1 LGPL-3" +SLOT="0/1.8" # SONAME liblxc.so.1 + ${PV//./} _if_ breaking ABI change while bumping. +KEYWORDS="amd64 ~arm ~arm64 ~ppc64 ~riscv x86" +IUSE="apparmor +caps examples io-uring man pam seccomp selinux ssl systemd test +tools" + +RDEPEND="acct-group/lxc + acct-user/lxc + apparmor? ( sys-libs/libapparmor ) + caps? ( sys-libs/libcap ) + io-uring? ( >=sys-libs/liburing-2:= ) + pam? ( sys-libs/pam ) + seccomp? ( sys-libs/libseccomp ) + selinux? ( sys-libs/libselinux ) + ssl? ( dev-libs/openssl:0= ) + systemd? ( + sys-apps/dbus + sys-apps/systemd:= + ) + tools? ( sys-libs/libcap )" +DEPEND="${RDEPEND} + caps? ( sys-libs/libcap[static-libs] ) + tools? ( sys-libs/libcap[static-libs] ) + sys-kernel/linux-headers" +BDEPEND="virtual/pkgconfig + man? ( app-text/docbook2X ) + verify-sig? ( sec-keys/openpgp-keys-linuxcontainers )" + +RESTRICT="!test? ( test )" + +CONFIG_CHECK="~!NETPRIO_CGROUP + ~CGROUPS + ~CGROUP_CPUACCT + ~CGROUP_DEVICE + ~CGROUP_FREEZER + + ~CGROUP_SCHED + ~CPUSETS + ~IPC_NS + ~MACVLAN + + ~MEMCG + ~NAMESPACES + ~NET_NS + ~PID_NS + + ~POSIX_MQUEUE + ~USER_NS + ~UTS_NS + ~VETH" + +ERROR_CGROUP_FREEZER="CONFIG_CGROUP_FREEZER: needed to freeze containers" +ERROR_MACVLAN="CONFIG_MACVLAN: needed for internal (inter-container) networking" +ERROR_MEMCG="CONFIG_MEMCG: needed for memory resource control in containers" +ERROR_NET_NS="CONFIG_NET_NS: needed for unshared network" +ERROR_POSIX_MQUEUE="CONFIG_POSIX_MQUEUE: needed for lxc-execute command" +ERROR_UTS_NS="CONFIG_UTS_NS: needed to unshare hostnames and uname info" +ERROR_VETH="CONFIG_VETH: needed for internal (host-to-container) networking" + +VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/linuxcontainers.asc + +DOCS=( AUTHORS CONTRIBUTING MAINTAINERS README.md doc/FAQ.txt ) + +pkg_setup() { + linux-info_pkg_setup +} + +src_configure() { + + # -Dtools-multicall=false: will create a single binary called 'lxc' that conflicts with LXD. + local emesonargs=( + --localstatedir "${EPREFIX}/var" + + -Dcoverity-build=false + -Dinstall-state-dirs=false + -Doss-fuzz=false + -Dspecfile=false + -Dtools-multicall=false + + -Dcommands=true + -Dinstall-init-files=true + -Dmemfd-rexec=true + -Dthread-safety=true + + $(meson_use apparmor) + $(meson_use caps capabilities) + $(meson_use examples) + $(meson_use io-uring io-uring-event-loop) + $(meson_use man) + $(meson_use pam pam-cgroup) + $(meson_use seccomp) + $(meson_use selinux) + $(meson_use ssl openssl) + $(meson_use test tests) + $(meson_use tools) + + $(usex systemd -Ddbus=true -Ddbus=false) + $(usex systemd -Dinit-script="systemd" -Dinit-script="sysvinit") + + -Ddata-path=/var/lib/lxc + -Ddoc-path=/usr/share/doc/${PF} + -Dlog-path=/var/log/lxc + -Drootfs-mount-path=/var/lib/lxc/rootfs + -Druntime-path=/run + ) + + use tools && local emesonargs+=( -Dcapabilities=true ) + + meson_src_configure +} + +src_install() { + meson_src_install + + # The main bash-completion file will collide with lxd, need to relocate and update symlinks. + local lxcbashcompdir="${D}/$(get_bashcompdir)" + mkdir -p "${lxcbashcompdir}" || die "Failed to create bashcompdir." + mv "${lxcbashcompdir}"/_lxc "${lxcbashcompdir}"/lxc-start || die "Failed to move _lxc bash completion file." + + # Build system will install all bash completion files regardless of our 'tools' use flag. + # Though installing them all will add bash completions for commands that don't exist, it's + # cleaner than dealing with individual files based on the use flag status. + bashcomp_alias lxc-start lxc-{attach,autostart,cgroup,checkpoint,config,console,copy,create,destroy,device,execute,freeze,info,ls,monitor,snapshot,stop,top,unfreeze,unshare,update-config,usernsexec,wait} + + find "${ED}" -name '*.la' -delete -o -name '*.a' -delete || die + + # Replace upstream sysvinit/systemd files. + if use systemd ; then + rm -r "${D}$(systemd_get_systemunitdir)" || die "Failed to remove systemd lib dir" + else + rm "${ED}"/etc/init.d/lxc-{containers,net} || die "Failed to remove sysvinit scripts" + fi + + newinitd "${FILESDIR}/${PN}.initd.9" ${PN} + systemd_newunit "${FILESDIR}"/lxc-monitord.service.5.0.0 lxc-monitord.service + systemd_newunit "${FILESDIR}"/lxc-net.service.5.0.0 lxc-net.service + systemd_newunit "${FILESDIR}"/lxc.service-5.0.0 lxc.service + systemd_newunit "${FILESDIR}"/lxc_at.service.5.0.0 "lxc@.service" + + if ! use apparmor; then + sed -i '/lxc-apparmor-load/d' "${D}$(systemd_get_systemunitdir)/lxc.service" || + die "Failed to remove apparmor references from lxc.service systemd unit." + fi +} + +pkg_postinst() { + elog "Please refer to " + elog "https://wiki.gentoo.org/wiki/LXC for introduction and usage guide." + elog + elog "Run 'lxc-checkconfig' to see optional kernel features." + elog + + optfeature "creating your own LXC containers" app-containers/distrobuilder + optfeature "automatic template scripts" app-containers/lxc-templates + optfeature "Debian-based distribution container image support" dev-util/debootstrap + optfeature "snapshot & restore functionality" sys-process/criu +} diff --git a/sdk_container/src/third_party/portage-stable/app-containers/lxc/lxc-6.0.4-r1.ebuild b/sdk_container/src/third_party/portage-stable/app-containers/lxc/lxc-6.0.4-r1.ebuild new file mode 100644 index 00000000000..995c5160812 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/app-containers/lxc/lxc-6.0.4-r1.ebuild @@ -0,0 +1,172 @@ +# Copyright 2022-2025 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +inherit bash-completion-r1 linux-info meson optfeature systemd verify-sig + +DESCRIPTION="A userspace interface for the Linux kernel containment features" +HOMEPAGE="https://linuxcontainers.org/ https://github.com/lxc/lxc" +SRC_URI="https://linuxcontainers.org/downloads/lxc/${P}.tar.gz + verify-sig? ( https://linuxcontainers.org/downloads/lxc/${P}.tar.gz.asc )" + +LICENSE="GPL-2 LGPL-2.1 LGPL-3" +SLOT="0/1.8" # SONAME liblxc.so.1 + ${PV//./} _if_ breaking ABI change while bumping. +KEYWORDS="~amd64 ~arm ~arm64 ~ppc64 ~riscv ~x86" +IUSE="apparmor +caps examples io-uring man pam seccomp selinux ssl systemd test +tools" + +RDEPEND="acct-group/lxc + acct-user/lxc + apparmor? ( sys-libs/libapparmor ) + caps? ( sys-libs/libcap ) + io-uring? ( >=sys-libs/liburing-2:= ) + pam? ( sys-libs/pam ) + seccomp? ( sys-libs/libseccomp ) + selinux? ( sys-libs/libselinux ) + ssl? ( dev-libs/openssl:0= ) + systemd? ( + sys-apps/dbus + sys-apps/systemd:= + ) + tools? ( sys-libs/libcap )" +DEPEND="${RDEPEND} + caps? ( sys-libs/libcap[static-libs] ) + tools? ( sys-libs/libcap[static-libs] ) + sys-kernel/linux-headers" +BDEPEND="virtual/pkgconfig + man? ( app-text/docbook2X ) + verify-sig? ( sec-keys/openpgp-keys-linuxcontainers )" + +RESTRICT="!test? ( test )" + +CONFIG_CHECK="~!NETPRIO_CGROUP + ~CGROUPS + ~CGROUP_CPUACCT + ~CGROUP_DEVICE + ~CGROUP_FREEZER + + ~CGROUP_SCHED + ~CPUSETS + ~IPC_NS + ~MACVLAN + + ~MEMCG + ~NAMESPACES + ~NET_NS + ~PID_NS + + ~POSIX_MQUEUE + ~USER_NS + ~UTS_NS + ~VETH" + +ERROR_CGROUP_FREEZER="CONFIG_CGROUP_FREEZER: needed to freeze containers" +ERROR_MACVLAN="CONFIG_MACVLAN: needed for internal (inter-container) networking" +ERROR_MEMCG="CONFIG_MEMCG: needed for memory resource control in containers" +ERROR_NET_NS="CONFIG_NET_NS: needed for unshared network" +ERROR_POSIX_MQUEUE="CONFIG_POSIX_MQUEUE: needed for lxc-execute command" +ERROR_UTS_NS="CONFIG_UTS_NS: needed to unshare hostnames and uname info" +ERROR_VETH="CONFIG_VETH: needed for internal (host-to-container) networking" + +VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/linuxcontainers.asc + +DOCS=( AUTHORS CONTRIBUTING MAINTAINERS README.md doc/FAQ.txt ) + +PATCHES=( + "${FILESDIR}"/${P}-start-Re-introduce-first-SET_DUMPABLE-call.patch +) + +pkg_setup() { + linux-info_pkg_setup +} + +src_configure() { + + # -Dtools-multicall=false: will create a single binary called 'lxc' that conflicts with LXD. + local emesonargs=( + --localstatedir "${EPREFIX}/var" + + -Dcoverity-build=false + -Dinstall-state-dirs=false + -Doss-fuzz=false + -Dspecfile=false + -Dtools-multicall=false + + -Dcommands=true + -Dinstall-init-files=true + -Dmemfd-rexec=true + -Dthread-safety=true + + $(meson_use apparmor) + $(meson_use caps capabilities) + $(meson_use examples) + $(meson_use io-uring io-uring-event-loop) + $(meson_use man) + $(meson_use pam pam-cgroup) + $(meson_use seccomp) + $(meson_use selinux) + $(meson_use ssl openssl) + $(meson_use test tests) + $(meson_use tools) + + $(usex systemd -Ddbus=true -Ddbus=false) + $(usex systemd -Dinit-script="systemd" -Dinit-script="sysvinit") + + -Ddata-path=/var/lib/lxc + -Ddoc-path=/usr/share/doc/${PF} + -Dlog-path=/var/log/lxc + -Drootfs-mount-path=/var/lib/lxc/rootfs + -Druntime-path=/run + ) + + use tools && local emesonargs+=( -Dcapabilities=true ) + + meson_src_configure +} + +src_install() { + meson_src_install + + # The main bash-completion file will collide with lxd, need to relocate and update symlinks. + local lxcbashcompdir="${D}/$(get_bashcompdir)" + mkdir -p "${lxcbashcompdir}" || die "Failed to create bashcompdir." + mv "${lxcbashcompdir}"/_lxc "${lxcbashcompdir}"/lxc-start || die "Failed to move _lxc bash completion file." + + # Build system will install all bash completion files regardless of our 'tools' use flag. + # Though installing them all will add bash completions for commands that don't exist, it's + # cleaner than dealing with individual files based on the use flag status. + bashcomp_alias lxc-start lxc-{attach,autostart,cgroup,checkpoint,config,console,copy,create,destroy,device,execute,freeze,info,ls,monitor,snapshot,stop,top,unfreeze,unshare,update-config,usernsexec,wait} + + find "${ED}" -name '*.la' -delete -o -name '*.a' -delete || die + + # Replace upstream sysvinit/systemd files. + if use systemd ; then + rm -r "${D}$(systemd_get_systemunitdir)" || die "Failed to remove systemd lib dir" + else + rm "${ED}"/etc/init.d/lxc-{containers,net} || die "Failed to remove sysvinit scripts" + fi + + newinitd "${FILESDIR}/${PN}.initd.9" ${PN} + systemd_newunit "${FILESDIR}"/lxc-monitord.service.5.0.0 lxc-monitord.service + systemd_newunit "${FILESDIR}"/lxc-net.service.5.0.0 lxc-net.service + systemd_newunit "${FILESDIR}"/lxc.service-5.0.0 lxc.service + systemd_newunit "${FILESDIR}"/lxc_at.service.5.0.0 "lxc@.service" + + if ! use apparmor; then + sed -i '/lxc-apparmor-load/d' "${D}$(systemd_get_systemunitdir)/lxc.service" || + die "Failed to remove apparmor references from lxc.service systemd unit." + fi +} + +pkg_postinst() { + elog "Please refer to " + elog "https://wiki.gentoo.org/wiki/LXC for introduction and usage guide." + elog + elog "Run 'lxc-checkconfig' to see optional kernel features." + elog + + optfeature "creating your own LXC containers" app-containers/distrobuilder + optfeature "automatic template scripts" app-containers/lxc-templates + optfeature "Debian-based distribution container image support" dev-util/debootstrap + optfeature "snapshot & restore functionality" sys-process/criu +} diff --git a/sdk_container/src/third_party/portage-stable/app-containers/lxc/metadata.xml b/sdk_container/src/third_party/portage-stable/app-containers/lxc/metadata.xml new file mode 100644 index 00000000000..025e3688277 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/app-containers/lxc/metadata.xml @@ -0,0 +1,19 @@ + + + + + juippis@gentoo.org + Joonas Niilola + + + virtualization@gentoo.org + Gentoo Virtualization Project + + + Build and install additional command line tools + + + lxc/lxc + cpe:/a:linuxcontainers:lxc + + diff --git a/sdk_container/src/third_party/portage-stable/dev-libs/cowsql/Manifest b/sdk_container/src/third_party/portage-stable/dev-libs/cowsql/Manifest new file mode 100644 index 00000000000..057a6fdb27a --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/dev-libs/cowsql/Manifest @@ -0,0 +1 @@ +DIST cowsql-1.15.7.tar.gz 364592 BLAKE2B d3cd4e399d029c63743cee081cd32c19fe364f4dd093c40f62162a2387a9a0da956b19f2f75dc9e556e18c8d957edcbee5c9fe449e3ba9961eb556cdc981a6e5 SHA512 d01fe084d911f13be4d21997f3ec4ba1b11d15198dbad404d55962abd4924dcc95d48eb7d8d94d3f65c512194d25acf761954994c5ffece78a27eff438441fda diff --git a/sdk_container/src/third_party/portage-stable/dev-libs/cowsql/cowsql-1.15.7.ebuild b/sdk_container/src/third_party/portage-stable/dev-libs/cowsql/cowsql-1.15.7.ebuild new file mode 100644 index 00000000000..59d3603071b --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/dev-libs/cowsql/cowsql-1.15.7.ebuild @@ -0,0 +1,53 @@ +# Copyright 2020-2025 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +inherit autotools + +DESCRIPTION="Embeddable, replicated and fault tolerant SQL engine (fork of dqlite)" +HOMEPAGE="https://cowsql.dev/ https://github.com/cowsql/cowsql" +SRC_URI="https://github.com/cowsql/cowsql/archive/refs/tags/v${PV}.tar.gz -> ${P}.tar.gz" + +LICENSE="LGPL-3-with-linking-exception" +SLOT="0" +KEYWORDS="amd64 ~arm64 ~x86" +IUSE="test" +RESTRICT="!test? ( test )" + +RDEPEND="dev-db/sqlite:3 + dev-libs/libuv:= + >=dev-libs/raft-0.18.1:=" +DEPEND="${RDEPEND} + test? ( dev-libs/raft[lz4,test] )" +BDEPEND="virtual/pkgconfig" + +PATCHES=( "${FILESDIR}"/dqlite-1.12.0-disable-werror.patch ) + +src_prepare() { + default + eautoreconf +} + +src_configure() { + local myeconfargs=( + --disable-backtrace + --disable-debug + --disable-sanitize + --disable-static + + # Will build a bundled libsqlite3.so. + --enable-build-sqlite=no + ) + + econf "${myeconfargs[@]}" +} + +src_test() { + default +} + +src_install() { + default + find "${ED}" -name '*.la' -delete || die +} diff --git a/sdk_container/src/third_party/portage-stable/dev-libs/cowsql/files/dqlite-1.12.0-disable-werror.patch b/sdk_container/src/third_party/portage-stable/dev-libs/cowsql/files/dqlite-1.12.0-disable-werror.patch new file mode 100644 index 00000000000..9c92324688d --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/dev-libs/cowsql/files/dqlite-1.12.0-disable-werror.patch @@ -0,0 +1,20 @@ +diff -Naur a/configure.ac b/configure.ac +--- a/configure.ac 2022-11-18 16:44:34.000000000 +0200 ++++ b/configure.ac 2022-11-19 09:21:24.157589426 +0200 +@@ -3,7 +3,7 @@ + AC_CONFIG_MACRO_DIR([m4]) + AC_CONFIG_AUX_DIR([ac]) + +-AM_INIT_AUTOMAKE([subdir-objects -Wall -Werror -Wno-portability foreign]) ++AM_INIT_AUTOMAKE([subdir-objects -Wall -Wno-portability foreign]) + AM_SILENT_RULES([yes]) + + AC_PROG_CC_STDC +@@ -82,7 +82,6 @@ + -Wdate-time \ + -Wnested-externs \ + -Wconversion \ +- -Werror \ + ]) + # To enable: + # diff --git a/sdk_container/src/third_party/portage-stable/dev-libs/cowsql/metadata.xml b/sdk_container/src/third_party/portage-stable/dev-libs/cowsql/metadata.xml new file mode 100644 index 00000000000..25c078695e9 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/dev-libs/cowsql/metadata.xml @@ -0,0 +1,25 @@ + + + + + juippis@gentoo.org + Joonas Niilola + + + virtualization@gentoo.org + Gentoo Virtualization Project + + + cowsql is a C library that implements an embeddable and replicated SQL + database engine with high-availability and automatic failover. + + Cowsql is a fork from dqlite. + The acronym "dqlite" stands for "distributed SQLite", meaning that dqlite + extends SQLite with a network protocol that can connect together various + instances of your application and have them act as a highly-available + cluster, with no dependency on external databases. + + + cowsql/cowsql + + diff --git a/sdk_container/src/third_party/portage-stable/dev-libs/raft/Manifest b/sdk_container/src/third_party/portage-stable/dev-libs/raft/Manifest new file mode 100644 index 00000000000..c390ca568bf --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/dev-libs/raft/Manifest @@ -0,0 +1 @@ +DIST raft-0.22.1.tar.gz 362393 BLAKE2B b6fc8f8e9dc6801ac8ad1b9d94f984b249b83def00a08776292500b079bb777330e8a83cf40153bfb1baae921105788d758c9f61a021d5519d5c27048b6be8b9 SHA512 fb4ea98321336daaa605e1c3cd55f672860fc8894d479fdff4e1862a4eb5622dbaf7a943e030dd2bcdaa14cc639e7e11ac43d71f00bdbd27f12c6b67653b70e4 diff --git a/sdk_container/src/third_party/portage-stable/dev-libs/raft/files/raft-0.10.0-toggle-zfs.patch b/sdk_container/src/third_party/portage-stable/dev-libs/raft/files/raft-0.10.0-toggle-zfs.patch new file mode 100644 index 00000000000..f31b599b610 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/dev-libs/raft/files/raft-0.10.0-toggle-zfs.patch @@ -0,0 +1,21 @@ +diff -Naur a/configure.ac b/configure.ac +--- a/configure.ac 2021-03-16 14:45:58.000000000 +0200 ++++ b/configure.ac 2021-03-23 07:45:06.875557286 +0200 +@@ -47,13 +47,10 @@ + # Checks for header files. + AC_CHECK_HEADERS([stdlib.h string.h stdio.h assert.h unistd.h linux/io_uring.h linux/aio_abi.h]) + +-# Check if zfs >= 0.8.0 is available (for direct I/O support). +-AC_CHECK_PROG(have_zfs, zfs, yes) +-AS_IF([test x"$have_zfs" = x"yes"], +- [AX_COMPARE_VERSION($(cat /sys/module/zfs/version | cut -f 1 -d -), [ge], [0.8.0], +- [AC_DEFINE(RAFT_HAVE_ZFS_WITH_DIRECT_IO)], []) +- ], +- []) ++# zfs support. We have 0.8.6 as stable in Gentoo, which is plenty above the required minimum. ++AC_ARG_WITH([zfs], AS_HELP_STRING([--with-zfs], [Build with zfs support (default: disabled)])) ++AS_IF([test "x$with_zfs" = "xyes"], ++ [AC_DEFINE(RAFT_HAVE_ZFS_WITH_DIRECT_IO)], []) + + # Checks for typedefs, structures, and compiler characteristics. + AC_TYPE_SIZE_T diff --git a/sdk_container/src/third_party/portage-stable/dev-libs/raft/metadata.xml b/sdk_container/src/third_party/portage-stable/dev-libs/raft/metadata.xml new file mode 100644 index 00000000000..94076382bb1 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/dev-libs/raft/metadata.xml @@ -0,0 +1,25 @@ + + + + + juippis@gentoo.org + Joonas Niilola + + + virtualization@gentoo.org + Gentoo Virtualization Project + + + ZFS support + + + The library has modular design: its core part implements only the core + Raft algorithm logic, in a fully platform independent way. On top of that, + a pluggable interface defines the I/O implementation for networking + (send/receive RPC messages) and disk persistence (store log entries and + snapshots). + + + cowsql/raft + + diff --git a/sdk_container/src/third_party/portage-stable/dev-libs/raft/raft-0.22.1.ebuild b/sdk_container/src/third_party/portage-stable/dev-libs/raft/raft-0.22.1.ebuild new file mode 100644 index 00000000000..39daa1268be --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/dev-libs/raft/raft-0.22.1.ebuild @@ -0,0 +1,60 @@ +# Copyright 2020-2024 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +inherit autotools + +DESCRIPTION="C implementation of the Raft consensus protocol" +HOMEPAGE="https://github.com/cowsql/raft" +SRC_URI="https://github.com/cowsql/raft/archive/v${PV}.tar.gz -> ${P}.tar.gz" + +LICENSE="LGPL-3-with-linking-exception" + +# Upstream change from canonical to cowsql resetted SONAME, 3 -> 0. bgo#915960 +SLOT="0/0" +KEYWORDS="amd64 ~arm64 ~x86" +IUSE="lz4 test zfs" +RESTRICT="!test? ( test )" + +DEPEND="dev-libs/libuv:= + lz4? ( app-arch/lz4:= )" +RDEPEND="${DEPEND}" +BDEPEND="virtual/pkgconfig" + +PATCHES=( + "${FILESDIR}"/raft-0.10.0-toggle-zfs.patch +) + +src_prepare() { + default + eautoreconf +} + +src_configure() { + # --disable-hardening: most of these are covered on non-hardened Gentoo already. + local myeconfargs=( + --enable-uv + --enable-v0 + + --disable-backtrace + --disable-benchmark + --disable-debug + --disable-example + --disable-hardening + --disable-sanitize + --disable-static + + $(use_enable test fixture) + + $(use_with lz4) + $(use_with zfs) + ) + + econf "${myeconfargs[@]}" +} + +src_install() { + default + find "${ED}" -name '*.la' -delete || die +} diff --git a/sdk_container/src/third_party/portage-stable/dev-util/xdelta/Manifest b/sdk_container/src/third_party/portage-stable/dev-util/xdelta/Manifest new file mode 100644 index 00000000000..5ad02861c73 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/dev-util/xdelta/Manifest @@ -0,0 +1,2 @@ +DIST xdelta-1.1.4.tar.gz 423529 BLAKE2B b565f82ba0504118b74127096939e5699ea312be5c6c8a345abfcf0fb01b45e759abe595b33619b2714671e2f0307d603366a1f7a6b1fb5a786378716a51df6b SHA512 eef45f7977e9a7f490b881f33ab8a948cc5eff9300ea850cc30062905c8e883c104961f075f56f7ce8e385142c35de168aef1e0b8169bda66786ea4bee33168b +DIST xdelta3-3.0.11.tar.gz 683605 BLAKE2B bc33c9d6a3bb21bc52d72bba54f5e2b1058ea8d7cd7474aaf6dbdc27e165e0fbea644c584402f5bbc8ace7cd6a3aefae18588a659418f93eb041168545363bf4 SHA512 41c48e28f92ad50a737cf0acac150fe17d1132e9a652c482d751c8c4e745c6922d576a183eeabae343a1a238ed8c53353e537977628c86eb599ab3d1c01e7c52 diff --git a/sdk_container/src/third_party/portage-stable/dev-util/xdelta/files/xdelta-1.1.4-glib2.patch b/sdk_container/src/third_party/portage-stable/dev-util/xdelta/files/xdelta-1.1.4-glib2.patch new file mode 100644 index 00000000000..916b3ee2c00 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/dev-util/xdelta/files/xdelta-1.1.4-glib2.patch @@ -0,0 +1,221 @@ +Nicked from http://cvs.fedoraproject.org/viewvc/devel/xdelta/xdelta-1.1.4-glib2.patch + + +--- xdelta-1.1.4pre1/libedsio/edsio.c.glib2 2007-01-29 14:55:10.000000000 +0100 ++++ xdelta-1.1.4pre1/libedsio/edsio.c 2007-01-29 14:56:52.000000000 +0100 +@@ -179,9 +179,9 @@ + } + } + +- while (g_queue_get_size (queued) > 0) ++ while (g_queue_get_length (queued) > 0) + { +- DelayedEvent* de = g_queue_pop (queued); ++ DelayedEvent* de = g_queue_pop_head (queued); + + for (i = 0; i < all_event_watchers->len; i += 1) + { +@@ -211,7 +211,7 @@ + de->def = def; + de->msg = out->str; + +- g_queue_push (queued, de); ++ g_queue_push_tail (queued, de); + + g_ptr_array_add (free_strings, out); + } +@@ -1482,129 +1482,3 @@ + g_free (source); + } + +-/* Missing glib stuff +- */ +- +-GQueue * +-g_queue_new (void) +-{ +- GQueue *q = g_new (GQueue, 1); +- +- q->list = q->list_end = NULL; +- q->list_size = 0; +- +- return q; +-} +- +- +-void +-g_queue_free (GQueue *q) +-{ +- if (q) +- { +- if (q->list) +- g_list_free (q->list); +- g_free (q); +- } +-} +- +- +-guint +-g_queue_get_size (GQueue *q) +-{ +- return (q == NULL) ? 0 : q->list_size; +-} +- +- +-void +-g_queue_push_front (GQueue *q, gpointer data) +-{ +- if (q) +- { +- q->list = g_list_prepend (q->list, data); +- +- if (q->list_end == NULL) +- q->list_end = q->list; +- +- q->list_size++; +- } +-} +- +- +-void +-g_queue_push_back (GQueue *q, gpointer data) +-{ +- if (q) +- { +- q->list_end = g_list_append (q->list_end, data); +- +- if (! q->list) +- q->list = q->list_end; +- else +- q->list_end = q->list_end->next; +- +- q->list_size++; +- } +-} +- +- +-gpointer +-g_queue_pop_front (GQueue *q) +-{ +- gpointer data = NULL; +- +- if ((q) && (q->list)) +- { +- GList *node; +- +- node = q->list; +- data = node->data; +- +- if (! node->next) +- { +- q->list = q->list_end = NULL; +- q->list_size = 0; +- } +- else +- { +- q->list = node->next; +- q->list->prev = NULL; +- q->list_size--; +- } +- +- g_list_free_1 (node); +- } +- +- return data; +-} +- +- +-gpointer +-g_queue_pop_back (GQueue *q) +-{ +- gpointer data = NULL; +- +- if ((q) && (q->list)) +- { +- GList *node; +- +- node = q->list_end; +- data = node->data; +- +- if (! node->prev) +- { +- q->list = q->list_end = NULL; +- q->list_size = 0; +- } +- else +- { +- q->list_end = node->prev; +- q->list_end->next = NULL; +- q->list_size--; +- } +- +- g_list_free_1 (node); +- } +- +- return data; +-} +--- xdelta-1.1.4pre1/libedsio/edsio.h.glib2 2007-01-29 14:54:38.000000000 +0100 ++++ xdelta-1.1.4pre1/libedsio/edsio.h 2007-01-29 14:55:00.000000000 +0100 +@@ -481,49 +481,6 @@ + + #endif + +-/* Missing glib stuff +- */ +- +-typedef struct _GQueue GQueue; +- +-struct _GQueue +-{ +- GList *list; +- GList *list_end; +- guint list_size; +-}; +- +-/* Queues +- */ +- +-GQueue * g_queue_new (void); +-void g_queue_free (GQueue *q); +-guint g_queue_get_size (GQueue *q); +-void g_queue_push_front (GQueue *q, gpointer data); +-void g_queue_push_back (GQueue *q, gpointer data); +-gpointer g_queue_pop_front (GQueue *q); +-gpointer g_queue_pop_back (GQueue *q); +- +-#define g_queue_empty(queue) \ +- ((((GQueue *)(queue)) && ((GQueue *)(queue))->list) ? FALSE : TRUE) +- +-#define g_queue_peek_front(queue) \ +- ((((GQueue *)(queue)) && ((GQueue *)(queue))->list) ? \ +- ((GQueue *)(queue))->list->data : NULL) +- +-#define g_queue_peek_back(queue) \ +- ((((GQueue *)(queue)) && ((GQueue *)(queue))->list_end) ? \ +- ((GQueue *)(queue))->list_end->data : NULL) +- +-#define g_queue_index(queue,ptr) \ +- ((((GQueue *)(queue)) && ((GQueue *)(queue))->list) ? \ +- g_list_index (((GQueue *)(queue))->list, (ptr)) : -1) +- +-#define g_queue_push g_queue_push_back +-#define g_queue_pop g_queue_pop_front +-#define g_queue_peek g_queue_peek_front +- +- + #ifdef __cplusplus + } + #endif +--- xdelta-1.1.4pre1/configure.in.glib2 2007-01-29 14:58:06.000000000 +0100 ++++ xdelta-1.1.4pre1/configure.in 2007-01-29 14:59:18.000000000 +0100 +@@ -71,8 +71,8 @@ + top_srcdir_absolute=`cd $srcdir; pwd` + AC_SUBST(top_srcdir_absolute) + +-AM_PATH_GLIB(1.2.8,, +- AC_MSG_ERROR(Test for GLIB failed. Download it from ftp://ftp.gtk.org/pub/gtk/v1.2/)) ++AM_PATH_GLIB_2_0(2.10.0,, ++ AC_MSG_ERROR(Test for GLIB2.0 failed. Download it from ftp://ftp.gtk.org/pub/gtk/v2.10/)) + + dnl AC_CHECK_LIB(z, gzsetparams, */ + dnl AC_CHECK_HEADER(zlib.h,, */ diff --git a/sdk_container/src/third_party/portage-stable/dev-util/xdelta/files/xdelta-1.1.4-gzip.patch b/sdk_container/src/third_party/portage-stable/dev-util/xdelta/files/xdelta-1.1.4-gzip.patch new file mode 100644 index 00000000000..67696da730c --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/dev-util/xdelta/files/xdelta-1.1.4-gzip.patch @@ -0,0 +1,59 @@ +https://bugs.gentoo.org/919228 + +--- a/test/xdeltatest.c ++++ b/test/xdeltatest.c +@@ -512,7 +512,7 @@ run_command (TestProfile *tp, int zlevel, int slevel, File* from, File* to, File + if (zlevel > 0 && starts_with (tp->name, "diff")) + { + Patch *patch = read_patch (out, & sbuf); +- gzFile *rewrite = gzopen (out->name, diff_gzargs); ++ gzFile rewrite = gzopen (out->name, diff_gzargs); + + if (! rewrite) fail (); + +diff --git a/xdelta-1.1.4/xdmain.c b/../../xdelta-1.1.4.new/xdmain.c +index b1abc74..9c27195 100755 +--- a/xdmain.c ++++ b/xdmain.c +@@ -179,6 +179,7 @@ struct _XdFileHandle + guint narrow_high; + guint current_pos; + FILE* in; ++ gzFile zin; + gboolean (* in_read) (XdFileHandle* handle, void* buf, gint nbyte); + gboolean (* in_close) (XdFileHandle* handle); + gboolean in_compressed; +@@ -520,7 +521,7 @@ xd_gzwrite (XdFileHandle* fh, const void* buf, gint nbyte) + static gboolean + xd_gzread (XdFileHandle* fh, void* buf, gint nbyte) + { +- return gzread (fh->in, buf, nbyte) == nbyte; ++ return gzread (fh->zin, buf, nbyte) == nbyte; + } + + static gboolean +@@ -532,7 +533,7 @@ xd_gzclose (XdFileHandle* fh) + static gboolean + xd_gzrclose (XdFileHandle* fh) + { +- return gzclose (fh->in) == Z_OK; ++ return gzclose (fh->zin) == Z_OK; + } + + static void +@@ -1022,13 +1023,13 @@ xd_handle_narrow (XdFileHandle* fh, guint low, guint high, gboolean compressed) + } + + g_assert (fh->fd >= 0); +- fh->in = gzdopen (dup (fh->fd), "rb"); ++ fh->zin = gzdopen (dup (fh->fd), "rb"); + fh->in_read = &xd_gzread; + fh->in_close = &xd_gzrclose; + fh->in_compressed = TRUE; + fh->current_pos = 0; + +- if (! fh->in) ++ if (! fh->zin) + { + xd_error ("gzdopen failed: %s\n", g_strerror (errno)); + return -1; diff --git a/sdk_container/src/third_party/portage-stable/dev-util/xdelta/files/xdelta-1.1.4-m4.patch b/sdk_container/src/third_party/portage-stable/dev-util/xdelta/files/xdelta-1.1.4-m4.patch new file mode 100644 index 00000000000..ad8c99de597 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/dev-util/xdelta/files/xdelta-1.1.4-m4.patch @@ -0,0 +1,11 @@ +--- xdelta-1.1.3/xdelta.m4.aclocal 2004-10-20 00:20:47.875648144 +0200 ++++ xdelta-1.1.3/xdelta.m4 2004-10-20 00:21:47.205628616 +0200 +@@ -4,7 +4,7 @@ + dnl AM_PATH_XDELTA([MINIMUM-VERSION, [ACTION-IF-FOUND [, ACTION-IF-NOT-FOUND [, MODULES]]]]) + dnl Test for XDELTA, and define XDELTA_CFLAGS and XDELTA_LIBS, if "gmodule" or + dnl +-AC_DEFUN(AM_PATH_XDELTA, ++AC_DEFUN([AM_PATH_XDELTA], + [dnl + dnl Get the cflags and libraries from the xdelta-config script + dnl diff --git a/sdk_container/src/third_party/portage-stable/dev-util/xdelta/files/xdelta-1.1.4-pkgconfig.patch b/sdk_container/src/third_party/portage-stable/dev-util/xdelta/files/xdelta-1.1.4-pkgconfig.patch new file mode 100644 index 00000000000..bb509b8d435 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/dev-util/xdelta/files/xdelta-1.1.4-pkgconfig.patch @@ -0,0 +1,113 @@ +Nicked from http://cvs.fedoraproject.org/viewvc/devel/xdelta/xdelta-1.1.3-pkgconfig.patch + +--- /dev/null 2006-05-17 14:47:01.398050000 +0200 ++++ xdelta-1.1.3/xdelta.pc.in 2006-05-30 16:00:55.000000000 +0200 +@@ -0,0 +1,13 @@ ++prefix=@prefix@ ++exec_prefix=@exec_prefix@ ++libdir=@libdir@ ++includedir=@includedir@ ++pkgdatadir=@pkgdatadir@ ++ ++Name: xdelta ++Description: A binary file delta generator and an RCS replacement library. ++Version: @VERSION@ ++Requires: glib-2.0 ++Libs: -L${libdir} -lxdelta -ledsio ++Cflags: -I${includedir} ++ +--- /dev/null 2006-05-17 14:47:01.398050000 +0200 ++++ xdelta-1.1.3/xdelta-config 2006-05-30 16:04:22.000000000 +0200 +@@ -0,0 +1,60 @@ ++#!/bin/bash ++# ++# Simple wrapper around pkg-config to replace /usr/bin/-config scripts ++# ++# Copyright 2006 Red Hat, Inc. ++# Jeremy Katz ++ ++CFGPATH=$(basename $0) ++MODULE=${CFGPATH%-config} ++ ++usage() { ++ pkg-config --help ++ exit 1 ++} ++ ++if [ $# -lt 1 ]; then ++ usage 1>&2 ++fi ++ ++ARGS="" ++ ++while test $# -gt 0; do ++ case $1 in ++ --version) ++ ARGS="$ARGS --modversion" ++ ;; ++ --cflags) ++ ARGS="$ARGS --cflags" ++ ;; ++ --libs) ++ ARGS="$ARGS --libs" ++ ;; ++ --libdir*) ++ ARGS="$ARGS --libs-only-L" ++ ;; ++ --includedir*) ++ ARGS="$ARGS --cflags-only-I" ++ ;; ++ --prefix*) ++ ARGS="$ARGS --variable=prefix" ++ ;; ++ --exec-prefix*) ++ ARGS="$ARGS --variable=exec_prefix" ++ ;; ++ --module*) ++ if echo $1 | grep -q '=' ; then ++ MODULE=`echo $1 | sed 's/^--module=//'` ++ else ++ MODULE=$2 ++ shift ++ fi ++ ;; ++ *) ++ usage 1>&2 ++ ;; ++ esac ++ shift ++done ++ ++pkg-config $ARGS $MODULE +--- xdelta-1.1.3/Makefile.am.pkgconfig 2006-05-30 16:00:55.000000000 +0200 ++++ xdelta-1.1.3/Makefile.am 2006-05-30 16:00:55.000000000 +0200 +@@ -27,6 +27,9 @@ + m4datadir = $(datadir)/aclocal + m4data_DATA = xdelta.m4 + ++pkgconfigdir = $(libdir)/pkgconfig ++pkgconfig_DATA = xdelta.pc ++ + ## $Format: "libxdelta_la_LDFLAGS = -version-info $LibCurrent$:$LibRevision$:$LibAge$" $ + libxdelta_la_LDFLAGS = -version-info 2:0:0 + +--- xdelta-1.1.3/configure.in.pkgconfig 2006-05-30 16:00:55.000000000 +0200 ++++ xdelta-1.1.3/configure.in 2006-05-30 16:00:55.000000000 +0200 +@@ -63,6 +63,8 @@ + AC_HEADER_STDC + AC_PROG_MAKE_SET + ++PKG_PROG_PKG_CONFIG ++ + AC_CHECK_FUNCS(gettimeofday) + AC_HEADER_TIME + +@@ -83,7 +85,7 @@ + doc/Makefile + test/Makefile + djgpp/Makefile +- xdelta-config ++ xdelta.pc + libedsio/Makefile + libedsio/edsio-comp, + diff --git a/sdk_container/src/third_party/portage-stable/dev-util/xdelta/metadata.xml b/sdk_container/src/third_party/portage-stable/dev-util/xdelta/metadata.xml new file mode 100644 index 00000000000..f01eaf45088 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/dev-util/xdelta/metadata.xml @@ -0,0 +1,12 @@ + + + + + mgorny@gentoo.org + Michał Górny + + + xdelta + jmacd/xdelta-devel + + diff --git a/sdk_container/src/third_party/portage-stable/dev-util/xdelta/xdelta-1.1.4-r4.ebuild b/sdk_container/src/third_party/portage-stable/dev-util/xdelta/xdelta-1.1.4-r4.ebuild new file mode 100644 index 00000000000..c324bb650d6 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/dev-util/xdelta/xdelta-1.1.4-r4.ebuild @@ -0,0 +1,43 @@ +# Copyright 1999-2024 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +inherit autotools toolchain-funcs + +DESCRIPTION="Computes changes between binary or text files and creates deltas" +HOMEPAGE="https://xdelta.googlecode.com/" +SRC_URI="https://${PN}.googlecode.com/files/${P}.tar.gz" + +LICENSE="GPL-2+" +SLOT="0" +KEYWORDS="~alpha amd64 ~arm64 ~hppa ppc ppc64 sparc x86" + +RDEPEND=">=dev-libs/glib-2 + >=sys-libs/zlib-1.1.4:=" +DEPEND="${RDEPEND}" +BDEPEND="virtual/pkgconfig" + +PATCHES=( + "${FILESDIR}/${P}-m4.patch" + "${FILESDIR}/${P}-glib2.patch" + "${FILESDIR}/${P}-pkgconfig.patch" + "${FILESDIR}/${P}-gzip.patch" +) + +src_prepare() { + default + eautoreconf +} + +src_configure() { + tc-export CC + econf --disable-static +} + +src_install() { + default + + # no static archives + find "${ED}" -name '*.la' -delete || die +} diff --git a/sdk_container/src/third_party/portage-stable/dev-util/xdelta/xdelta-3.0.11-r1.ebuild b/sdk_container/src/third_party/portage-stable/dev-util/xdelta/xdelta-3.0.11-r1.ebuild new file mode 100644 index 00000000000..ca61eeba127 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/dev-util/xdelta/xdelta-3.0.11-r1.ebuild @@ -0,0 +1,39 @@ +# Copyright 2002-2022 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +MY_P=xdelta3-${PV} + +DESCRIPTION="Computes changes between binary or text files and creates deltas" +HOMEPAGE="http://xdelta.org/" +SRC_URI="https://github.com/jmacd/xdelta-gpl/releases/download/v${PV}/${MY_P}.tar.gz" +S="${WORKDIR}/${MY_P}" + +LICENSE="GPL-2" +SLOT="3" +KEYWORDS="~alpha amd64 ~arm64 ~hppa ~loong ppc ppc64 ~riscv sparc x86" +IUSE="examples lzma" + +RDEPEND="lzma? ( app-arch/xz-utils:= )" +DEPEND="${RDEPEND}" + +src_configure() { + econf $(use_with lzma liblzma) +} + +src_compile() { + # avoid building tests + emake xdelta3 +} + +src_test() { + emake xdelta3regtest + ./xdelta3regtest || die +} + +src_install() { + emake DESTDIR="${D}" install-binPROGRAMS install-man1 + dodoc draft-korn-vcdiff.txt README.md + use examples && dodoc -r examples +} diff --git a/sdk_container/src/third_party/portage-stable/sys-fs/lxcfs/Manifest b/sdk_container/src/third_party/portage-stable/sys-fs/lxcfs/Manifest new file mode 100644 index 00000000000..bd1e1f8ea1a --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/sys-fs/lxcfs/Manifest @@ -0,0 +1,6 @@ +DIST lxcfs-5.0.4.tar.gz 104249 BLAKE2B 83a7b861136c34da8a24dd525fd0767193f2bbd92b40e3b9fd5e42d7645465411792e65e95797ab13b33330299d12b19bdd5786352875ed88ac0097b72b711a9 SHA512 b404045dbabe23e1d1f1d74c1648d2596bb70aaa9f9e46f9f5635b0a02d0c451f68b2559920bbefc5b889e908cf1da0a33c148b26bdce3e45c3d0cbdff710604 +DIST lxcfs-5.0.4.tar.gz.asc 833 BLAKE2B aff883d24b374b296ea3678670e5e82c723fd0e35cfd7fed555aabbd811a104becc0b741331b4aa4a5129c9fff4dc88c6a86e7d64a89fe86aea81718f5d432dd SHA512 56b639597dbaf3008fe030147ea37192bd465c467a79e11ce139bcaa6bca1625b4bb9c4eda6ea1877446769f0fad9b4c5a3513d4f4415b841db96d5da8325ddc +DIST lxcfs-6.0.3.tar.gz 106684 BLAKE2B 358033df95b52c6b04f5f622eb89e1f62f4f86098d9478b2643c83c3b62c5a6d1429c34b37b7d6241b522ec1d0ec8f8922c01a990cfb75b0b022b00720ded1d3 SHA512 c32941ccdba5906f5542b393077ea6cad9d5cd83eab38692c22614c19fec4f0fe95d3428ae7a49f6e9e9e1879db3479a2a09f37755d2c45c8230b099986eec2d +DIST lxcfs-6.0.3.tar.gz.asc 833 BLAKE2B 202b5539f5d4621e0d2071aaa861976af801a6c5c49bf921acd9015923bf8201178273aa79d7b69b51d7fa1abb0112a4960452e86d7d340b752b2f8d4bb2c559 SHA512 dd27747d56cddb6e0057232a9a451f5d08d812aa73fe70633d31ce38d650dcbdda3e6f195aad3d591dd4ba3ad7cdf658b0bb1ce55b660d26d315ad598d44a74e +DIST lxcfs-6.0.4.tar.gz 106751 BLAKE2B 4f05cb5e31ed1f313eeb42ac7cc9e68031011af363992e9d15266d7c831fb83078821a42181142cb58418dc87b6ae71ccd79559e0c77c19b5810cb2f5dde98ab SHA512 27e27dd14e3ab6d6f33b78f3316d1d15ccdb5af76fd3631770fe8ff4e1d1a3cc6d7a8009a604660fccc63e4fa5f1601c6505f66ab76c11dcfcddd3baf7ff173b +DIST lxcfs-6.0.4.tar.gz.asc 833 BLAKE2B 71d552694273e6b3fbeaa4fd2a07ad783ca66824fa7fef69ba79a343b65e57295a702efe580c17e77c6fdb3f79364e98206a099ef3ac99b1d1238178cd343e20 SHA512 fecc002f39f841f3ffbfd7c543cdfed61b9276e962a75230b2962a36bbef04f5444481bb1409ba38ed8f619d0887313f1cc84389f64755d6168c017f68bbaeb2 diff --git a/sdk_container/src/third_party/portage-stable/sys-fs/lxcfs/files/lxcfs-5.0.2.confd b/sdk_container/src/third_party/portage-stable/sys-fs/lxcfs/files/lxcfs-5.0.2.confd new file mode 100644 index 00000000000..bc853aa681b --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/sys-fs/lxcfs/files/lxcfs-5.0.2.confd @@ -0,0 +1,8 @@ +# /etc/conf.d/lxcfs: config file for /etc/init.d/lxcfs + +# lxcfs options: +# -l == calculate container load average instead of displaying host load average +# -u == don't display swap usage to containers + +LXCFS_OPTS="-l -u" +LXCFS_PATH="/var/lib/lxcfs" diff --git a/sdk_container/src/third_party/portage-stable/sys-fs/lxcfs/files/lxcfs-5.0.2.initd b/sdk_container/src/third_party/portage-stable/sys-fs/lxcfs/files/lxcfs-5.0.2.initd new file mode 100644 index 00000000000..f3119f2e8e8 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/sys-fs/lxcfs/files/lxcfs-5.0.2.initd @@ -0,0 +1,27 @@ +#!/sbin/openrc-run +# Copyright 1999-2022 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +DAEMON=/usr/bin/lxcfs +PIDFILE=/run/lxcfs.pid + +start() { + ebegin "Starting lxcfs." + /sbin/modprobe -q fuse + install -d "${LXCFS_PATH}" + start-stop-daemon --start \ + --pidfile ${PIDFILE} \ + --exec ${DAEMON} \ + --background \ + --make-pidfile \ + -- ${LXCFS_OPTS} \ + "${LXCFS_PATH}" + eend ${?} +} + +stop() { + ebegin "Stopping lxcfs." + /usr/bin/fusermount3 -u "${LXCFS_PATH}" + start-stop-daemon --stop --quiet -R TERM/45 -p ${PIDFILE} + eend ${?} +} diff --git a/sdk_container/src/third_party/portage-stable/sys-fs/lxcfs/files/lxcfs-5.0.2.service b/sdk_container/src/third_party/portage-stable/sys-fs/lxcfs/files/lxcfs-5.0.2.service new file mode 100644 index 00000000000..dc3dc9f18f6 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/sys-fs/lxcfs/files/lxcfs-5.0.2.service @@ -0,0 +1,18 @@ +[Unit] +Description=FUSE filesystem for LXC +ConditionVirtualization=!container +Before=lxc.service +Documentation=man:lxcfs(1) + +[Service] +ExecStartPre=/sbin/modprobe -q fuse +ExecStartPre=install -d /var/lib/lxcfs +ExecStart=/usr/bin/lxcfs /var/lib/lxcfs +KillMode=process +Restart=on-failure +ExecStopPost=-/usr/bin/fusermount3 -u /var/lib/lxcfs +Delegate=yes +ExecReload=/bin/kill -USR1 ${MAINPID} + +[Install] +WantedBy=multi-user.target diff --git a/sdk_container/src/third_party/portage-stable/sys-fs/lxcfs/files/lxcfs-5.0.4-fix-incompatible-pointer-conversion.patch b/sdk_container/src/third_party/portage-stable/sys-fs/lxcfs/files/lxcfs-5.0.4-fix-incompatible-pointer-conversion.patch new file mode 100644 index 00000000000..bead63bd52d --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/sys-fs/lxcfs/files/lxcfs-5.0.4-fix-incompatible-pointer-conversion.patch @@ -0,0 +1,19 @@ +Bug: https://bugs.gentoo.org/894348 +Upstream PR: https://github.com/lxc/lxcfs/pull/610 +--- a/src/proc_loadavg.c ++++ b/src/proc_loadavg.c +@@ -603,12 +603,12 @@ pthread_t load_daemon(int load_use) + + ret = init_load(); + if (ret == -1) +- return log_error(0, "Initialize hash_table fails in load_daemon!"); ++ return (pthread_t) log_error(0, "Initialize hash_table fails in load_daemon!"); + + ret = pthread_create(&pid, NULL, load_begin, NULL); + if (ret != 0) { + load_free(); +- return log_error(0, "Create pthread fails in load_daemon!"); ++ return (pthread_t) log_error(0, "Create pthread fails in load_daemon!"); + } + + /* use loadavg, here loadavg = 1*/ diff --git a/sdk_container/src/third_party/portage-stable/sys-fs/lxcfs/lxcfs-5.0.4-r2.ebuild b/sdk_container/src/third_party/portage-stable/sys-fs/lxcfs/lxcfs-5.0.4-r2.ebuild new file mode 100644 index 00000000000..899801e6b9b --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/sys-fs/lxcfs/lxcfs-5.0.4-r2.ebuild @@ -0,0 +1,84 @@ +# Copyright 2022-2025 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +PYTHON_COMPAT=( python3_{10..12} ) + +inherit cmake meson python-any-r1 systemd verify-sig + +DESCRIPTION="FUSE filesystem for LXC" +HOMEPAGE="https://linuxcontainers.org/lxcfs/introduction/ https://github.com/lxc/lxcfs/" +SRC_URI="https://linuxcontainers.org/downloads/lxcfs/${P}.tar.gz + verify-sig? ( https://linuxcontainers.org/downloads/lxcfs/${P}.tar.gz.asc )" + +LICENSE="Apache-2.0 LGPL-2+" +SLOT="0" +KEYWORDS="amd64 ~arm64 ~riscv ~x86" +IUSE="doc test" + +DEPEND="sys-fs/fuse:3=" +RDEPEND="${DEPEND}" +BDEPEND="${PYTHON_DEPS} + virtual/pkgconfig + $(python_gen_any_dep ' + dev-python/jinja2[${PYTHON_USEDEP}] + ') + doc? ( sys-apps/help2man ) + verify-sig? ( sec-keys/openpgp-keys-linuxcontainers )" + +# Needs some black magic to work inside container/chroot. +RESTRICT="test" + +VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/linuxcontainers.asc + +PATCHES=( + "${FILESDIR}"/${PN}-5.0.4-fix-incompatible-pointer-conversion.patch +) + +python_check_deps() { + python_has_version -b "dev-python/jinja2[${PYTHON_USEDEP}]" +} + +pkg_setup() { + python-any-r1_pkg_setup +} + +src_prepare() { + default + + # Fix python shebangs for python-exec[-native-symlinks], #851480 + local shebangs=($(grep -rl "#!/usr/bin/env python3" || die)) + python_fix_shebang -q ${shebangs[*]} +} + +src_configure() { + local emesonargs=( + --localstatedir "${EPREFIX}/var" + + $(meson_use doc docs) + $(meson_use test tests) + + -Dfuse-version=3 + -Dinit-script="" + -Dwith-init-script="" + ) + + meson_src_configure +} + +src_test() { + cd "${BUILD_DIR}"/tests || die "failed to change into tests/ directory." + ./main.sh || die +} + +src_install() { + meson_src_install + + newconfd "${FILESDIR}"/lxcfs-5.0.2.confd lxcfs + newinitd "${FILESDIR}"/lxcfs-5.0.2.initd lxcfs + + # Provide our own service file (copy of upstream) due to paths being different from upstream, + # #728470 + systemd_newunit "${FILESDIR}"/lxcfs-5.0.2.service lxcfs.service +} diff --git a/sdk_container/src/third_party/portage-stable/sys-fs/lxcfs/lxcfs-6.0.3-r1.ebuild b/sdk_container/src/third_party/portage-stable/sys-fs/lxcfs/lxcfs-6.0.3-r1.ebuild new file mode 100644 index 00000000000..e75cae6c0b8 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/sys-fs/lxcfs/lxcfs-6.0.3-r1.ebuild @@ -0,0 +1,80 @@ +# Copyright 2022-2025 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +PYTHON_COMPAT=( python3_{10..13} ) + +inherit cmake meson python-any-r1 systemd verify-sig + +DESCRIPTION="FUSE filesystem for LXC" +HOMEPAGE="https://linuxcontainers.org/lxcfs/introduction/ https://github.com/lxc/lxcfs/" +SRC_URI="https://linuxcontainers.org/downloads/lxcfs/${P}.tar.gz + verify-sig? ( https://linuxcontainers.org/downloads/lxcfs/${P}.tar.gz.asc )" + +LICENSE="Apache-2.0 LGPL-2+" +SLOT="0" +KEYWORDS="amd64 ~arm64 ~riscv ~x86" +IUSE="doc test" + +DEPEND="sys-fs/fuse:3=" +RDEPEND="${DEPEND}" +BDEPEND="${PYTHON_DEPS} + virtual/pkgconfig + $(python_gen_any_dep ' + dev-python/jinja2[${PYTHON_USEDEP}] + ') + doc? ( sys-apps/help2man ) + verify-sig? ( sec-keys/openpgp-keys-linuxcontainers )" + +# Needs some black magic to work inside container/chroot. +RESTRICT="test" + +VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/linuxcontainers.asc + +python_check_deps() { + python_has_version -b "dev-python/jinja2[${PYTHON_USEDEP}]" +} + +pkg_setup() { + python-any-r1_pkg_setup +} + +src_prepare() { + default + + # Fix python shebangs for python-exec[-native-symlinks], #851480 + local shebangs=($(grep -rl "#!/usr/bin/env python3" || die)) + python_fix_shebang -q ${shebangs[*]} +} + +src_configure() { + local emesonargs=( + --localstatedir "${EPREFIX}/var" + + $(meson_use doc docs) + $(meson_use test tests) + + -Dfuse-version=3 + -Dinit-script="" + -Dwith-init-script="" + ) + + meson_src_configure +} + +src_test() { + cd "${BUILD_DIR}"/tests || die "failed to change into tests/ directory." + ./main.sh || die +} + +src_install() { + meson_src_install + + newconfd "${FILESDIR}"/lxcfs-5.0.2.confd lxcfs + newinitd "${FILESDIR}"/lxcfs-5.0.2.initd lxcfs + + # Provide our own service file (copy of upstream) due to paths being different from upstream, + # #728470 + systemd_newunit "${FILESDIR}"/lxcfs-5.0.2.service lxcfs.service +} diff --git a/sdk_container/src/third_party/portage-stable/sys-fs/lxcfs/lxcfs-6.0.4.ebuild b/sdk_container/src/third_party/portage-stable/sys-fs/lxcfs/lxcfs-6.0.4.ebuild new file mode 100644 index 00000000000..dd903105a61 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/sys-fs/lxcfs/lxcfs-6.0.4.ebuild @@ -0,0 +1,81 @@ +# Copyright 2022-2025 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +PYTHON_COMPAT=( python3_{10..13} ) + +inherit cmake meson python-any-r1 systemd verify-sig + +DESCRIPTION="FUSE filesystem for LXC" +HOMEPAGE="https://linuxcontainers.org/lxcfs/introduction/ https://github.com/lxc/lxcfs/" +SRC_URI="https://linuxcontainers.org/downloads/lxcfs/${P}.tar.gz + verify-sig? ( https://linuxcontainers.org/downloads/lxcfs/${P}.tar.gz.asc )" + +LICENSE="Apache-2.0 LGPL-2+" +SLOT="0" +KEYWORDS="~amd64 ~arm64 ~riscv ~x86" +IUSE="doc test" + +DEPEND="sys-fs/fuse:3=" +RDEPEND="${DEPEND}" +BDEPEND="${PYTHON_DEPS} + virtual/pkgconfig + $(python_gen_any_dep ' + dev-python/jinja2[${PYTHON_USEDEP}] + ') + doc? ( sys-apps/help2man ) + verify-sig? ( sec-keys/openpgp-keys-linuxcontainers )" + +# Needs some black magic to work inside container/chroot. +RESTRICT="test" + +VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/linuxcontainers.asc + +python_check_deps() { + python_has_version -b "dev-python/jinja2[${PYTHON_USEDEP}]" +} + +pkg_setup() { + python-any-r1_pkg_setup +} + +src_prepare() { + default + + # Fix python shebangs for python-exec[-native-symlinks], #851480 + local shebangs=($(grep -rl "#!/usr/bin/env python3" || die)) + python_fix_shebang -q ${shebangs[*]} +} + +src_configure() { + local emesonargs=( + --localstatedir "${EPREFIX}/var" + + $(meson_use doc docs) + $(meson_use test tests) + + -Dfuse-version=3 + -Dinit-script="" + -Dwith-init-script="" + ) + + meson_src_configure +} + +src_test() { + cd "${BUILD_DIR}"/tests || die "failed to change into tests/ directory." + ./main.sh || die +} + +src_install() { + meson_src_install + + newconfd "${FILESDIR}"/lxcfs-5.0.2.confd lxcfs + newinitd "${FILESDIR}"/lxcfs-5.0.2.initd lxcfs + + # Provide our own service file (copy of upstream) due to paths being different from upstream, + # #728470 + # https://github.com/lxc/lxcfs/tree/main/config/init + systemd_newunit "${FILESDIR}"/lxcfs-5.0.2.service lxcfs.service +} diff --git a/sdk_container/src/third_party/portage-stable/sys-fs/lxcfs/metadata.xml b/sdk_container/src/third_party/portage-stable/sys-fs/lxcfs/metadata.xml new file mode 100644 index 00000000000..358bde78668 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/sys-fs/lxcfs/metadata.xml @@ -0,0 +1,22 @@ + + + + + juippis@gentoo.org + Joonas Niilola + + + virtualization@gentoo.org + Gentoo Virtualization Project + + + LXCFS is a simple userspace filesystem designed to + provide a cgroupfs-like tree which is container aware + and a set of files which can be bind-mounted over + their /proc originals to provide cgroup-aware values. + + + lxc/lxfs + cpe:/a:canonical:lxcfs + +